Measurement of information security in processes and products

Reijo Savola, Juhani Anttila, Anni Sademies, Jorma Kajava, Jarkko Holappa

    Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

    1 Citation (Scopus)

    Abstract

    In order to better understand the information security performance in products, processes, technical systems or organizations as a whole, and to plan, control, and improve it, security engineers, system developers and business managers must be able to get early feedback information from the achieved security situation. Systematic security metrics provide the means for managing security-related measurements comprehensively. We reflect on the use of information security metrics by presenting the results of an interview study carried out in Finnish industrial companies and State institutions. Furthermore, we discuss the application of security measurements from the business process and technical points of view. The role of technical security metrics is analyzed using mobile ad hoc networks as a case example.
    Original language: English
    Title of host publication: Security Management, Integrity, and Internal Control in Information Systems
    Editors: Paul Dowland, Steve Furnell, Bhavani Thuraisingham, X. Sean Wang
    Publisher: Springer
    Pages: 249-265
    ISBN (Electronic): 978-0-387-31167-8
    ISBN (Print): 0-387-29826-6, 978-0-387-29826-9
    DOIs: https://doi.org/10.1007/0-387-31167-X_16
    Publication status: Published - 2005
    MoE publication type: A4 Article in a conference publication
    Event: IFIP TC-11 WG 11.1 and WG 11.5 Joint Working Conference on Security Management, Integrity and Internal Control in Information Systems - Fairfax, United States
    Duration: 1 Dec 2005 to 2 Dec 2005

    Publication series

    Series: IFIP International Federation for Information Processing
    Volume: 193
    ISSN: 1571-5736

    Conference

    Conference: IFIP TC-11 WG 11.1 and WG 11.5 Joint Working Conference on Security Management, Integrity and Internal Control in Information Systems
    Country: United States
    City: Fairfax
    Period: 1/12/05 to 2/12/05

    Keywords

    • information security

    Cite this

    Savola, R., Anttila, J., Sademies, A., Kajava, J., & Holappa, J. (2005). Measurement of information security in processes and products. In P. Dowland, S. Furnell, B. Thuraisingham, & X. S. Wang (Eds.), Security Management, Integrity, and Internal Control in Information Systems (pp. 249-265). Springer. IFIP International Federation for Information Processing, Vol. 193. https://doi.org/10.1007/0-387-31167-X_16