To better understand information security performance in products, processes, technical systems, or organizations as a whole, and to plan, control, and improve it, security engineers, system developers, and business managers must be able to get early feedback on the security situation actually achieved. Systematic security metrics provide the means for managing security-related measurements comprehensively. We reflect on the use of information security metrics by presenting the results of an interview study carried out in Finnish industrial companies and State institutions. Furthermore, we discuss the application of security measurements from the business process and technical points of view. The role of technical security metrics is analyzed using mobile ad hoc networks as a case example.
|Series|IFIP International Federation for Information Processing|
|Conference|IFIP TC-11 WG 11.1 and WG 11.5 Joint Working Conference on Security Management, Integrity and Internal Control in Information Systems|
|Period|1/12/05 → 2/12/05|