TY - GEN
T1 - Measurement of information security in processes and products
AU - Savola, Reijo
AU - Anttila, Juhani
AU - Sademies, Anni
AU - Kajava, Jorma
AU - Holappa, Jarkko
PY - 2005
Y1 - 2005
N2 - In order to better understand the information security performance in products, processes, technical systems or organizations as a whole, and to plan, control, and improve it, security engineers, system developers and business managers must be able to get early feedback information from the achieved security situation. Systematic security metrics provides the means for managing security-related measurements comprehensively. We reflect on the use of information security metrics by presenting the results of an interview study carried out in Finnish industrial companies and State institutions. Furthermore, we discuss the application of security measurements from the business process and technical points of view. The role of technical security metrics is analyzed using mobile ad hoc networks as a case example.
AB - In order to better understand the information security performance in products, processes, technical systems or organizations as a whole, and to plan, control, and improve it, security engineers, system developers and business managers must be able to get early feedback information from the achieved security situation. Systematic security metrics provides the means for managing security-related measurements comprehensively. We reflect on the use of information security metrics by presenting the results of an interview study carried out in Finnish industrial companies and State institutions. Furthermore, we discuss the application of security measurements from the business process and technical points of view. The role of technical security metrics is analyzed using mobile ad hoc networks as a case example.
KW - information security
U2 - 10.1007/0-387-31167-X_16
DO - 10.1007/0-387-31167-X_16
M3 - Conference article in proceedings
SN - 0-387-29826-6
SN - 978-0-387-29826-9
T3 - IFIP International Federation for Information Processing
SP - 249
EP - 265
BT - Security Management, Integrity, and Internal Control in Information Systems
A2 - Dowland, Paul
A2 - Furnell, Steve
A2 - Thuraisingham, Bhavani
A2 - Wang, X. Sean
PB - Springer
T2 - IFIP TC-11 WG 11.1 and WG 11.5 Joint Working Conference on Security Management, Integrity and Internal Control in Information Systems
Y2 - 1 December 2005 through 2 December 2005
ER -