Abstract
Sufficient and credible information security measurement in software-intensive systems requires the use of a variety of security metrics offering security-related evidence from different viewpoints. Visualization is needed to facilitate the management of security metrics and measurements and to increase their meaningfulness in decision-making such as security assurance and risk management. We introduce a novel visualization and modeling tool for hierarchical specification and deployment of security metrics and measurements. The tool connects high-level risk-driven security objectives with detailed measurements and evidence gathering. The tool facilitates the management of a large number of metrics and measurements without losing the appropriate granularity that is crucial for informed security decision-making.
Original language | English |
---|---|
Title of host publication | Proceedings of the ISSA 2011 Conference |
Subtitle of host publication | Information Security for South Africa |
Publisher | IEEE Institute of Electrical and Electronic Engineers |
Number of pages | 8 |
ISBN (Electronic) | 978-1-4577-1483-2 |
ISBN (Print) | 978-1-4577-1482-5 |
Publication status | Published - 2011 |
MoE publication type | A4 Article in a conference publication |
Event | 2011 Conference on Information Security for South Africa, ISSA 2011 - Johannesburg, South Africa Duration: 15 Aug 2011 → 17 Aug 2011 |
Conference
Conference | 2011 Conference on Information Security for South Africa, ISSA 2011 |
---|---|
Abbreviated title | ISSA 2011 |
Country/Territory | South Africa |
City | Johannesburg |
Period | 15/08/11 → 17/08/11 |
Keywords
- Risk management
- security assurance
- security metrics
- visualization