A visualization and modeling tool for security metrics and measurements management

Reijo Savola, Petri Heinonen

Research output: Chapter in Book/Report/Conference proceeding, Conference article in proceedings, Scientific, peer-review

18 Citations (Scopus)

Abstract

Sufficient and credible information security measurement in software-intensive systems requires use of a variety of security metrics offering security-related evidence from different viewpoints. Visualization is needed to facilitate management of security metrics and measurements and to increase their meaningfulness in decision-making such as security assurance and risk management. We introduce a novel visualization and modeling tool for hierarchical specification and deployment of security metrics and measurements. The tool connects high-level risk-driven security objectives with detailed measurements and evidence gathering. The tool facilitates the management of a large number of metrics and measurements without losing appropriate granularity that is crucial for informed security decision-making.

Original language: English
Title of host publication: Proceedings of the ISSA 2011 Conference
Subtitle of host publication: Information Security for South Africa
Publisher: Institute of Electrical and Electronic Engineers IEEE
Number of pages: 8
ISBN (Electronic): 978-1-4577-1483-2
ISBN (Print): 978-1-4577-1482-5
DOI: https://doi.org/10.1109/ISSA.2011.6027518
Publication status: Published - 2011
MoE publication type: A4 Article in a conference publication
Event: 2011 Conference on Information Security for South Africa, ISSA 2011 - Johannesburg, South Africa
Duration: 15 Aug 2011 to 17 Aug 2011

Conference

Conference: 2011 Conference on Information Security for South Africa, ISSA 2011
Abbreviated title: ISSA 2011
Country: South Africa
City: Johannesburg
Period: 15/08/11 to 17/08/11

Fingerprint

Visualization
Decision making
Security of data
Risk management
Specifications

Keywords

  • Risk management
  • security assurance
  • security metrics
  • visualization

Cite this

Savola, R., & Heinonen, P. (2011). A visualization and modeling tool for security metrics and measurements management. In Proceedings of the ISSA 2011 Conference: Information Security for South Africa. Institute of Electrical and Electronic Engineers IEEE. https://doi.org/10.1109/ISSA.2011.6027518