Measurement of security : observations and challenges.

Research output: Contribution to conferenceOther conference contributionScientificpeer-review

Abstract

It is a widely accepted management principle that an activity cannot be managed well if it cannot be measured - but can we apply that principle to security too? How secure is a software product or a communication network, or their fusion? And how secure does it need to be in order to be secure enough?
The field of developing security metrics systematically is young. The problem behind the immaturity of security metrics is that the current practice of security is still a highly diverse field, and holistic and widely accepted approaches are still missing. If the research community is able to develop intelligent and feasible mechanisms for the measurement and information gathering, we might even learn more about the nature of security, trust and dependability. The current limited knowledge of the nature of security-related concepts is hindering us from finding rigorous solutions to the aspects of overall security.
In the presentation, we review the state-of-the-art approaches to measure security. The target of the measurement can be e.g. organization, a part of it, a technical system or a service. We investigate the types of metrics available, related standards and how to develop security metrics in practice.
Original languageEnglish
Number of pages31
Publication statusPublished - 2010
MoE publication typeNot Eligible
EventSnT seminar: Measurement of Security - Observations and Challenges - Luxembourg, Luxembourg
Duration: 11 May 2010 → …

Seminar

SeminarSnT seminar: Measurement of Security - Observations and Challenges
CountryLuxembourg
CityLuxembourg
Period11/05/10 → …

Fingerprint

Telecommunication networks
Fusion reactions

Cite this

Savola, R. (2010). Measurement of security : observations and challenges.. SnT seminar: Measurement of Security - Observations and Challenges, Luxembourg, Luxembourg.
Savola, Reijo. / Measurement of security : observations and challenges. SnT seminar: Measurement of Security - Observations and Challenges, Luxembourg, Luxembourg.31 p.
@conference{38ed2904d76f4c57b198979b2db24d89,
title = "Measurement of security : observations and challenges.",
abstract = "It is a widely accepted management principle that an activity cannot be managed well if it cannot be measured - but can we apply that principle to security too? How secure is a software product or a communication network, or their fusion? And how secure does it need to be in order to be secure enough?The field of developing security metrics systematically is young. The problem behind the immaturity of security metrics is that the current practice of security is still a highly diverse field, and holistic and widely accepted approaches are still missing. If the research community is able to develop intelligent and feasible mechanisms for the measurement and information gathering, we might even learn more about the nature of security, trust and dependability. The current limited knowledge of the nature of security-related concepts is hindering us from finding rigorous solutions to the aspects of overall security.In the presentation, we review the state-of-the-art approaches to measure security. The target of the measurement can be e.g. organization, a part of it, a technical system or a service. We investigate the types of metrics available, related standards and how to develop security metrics in practice.",
author = "Reijo Savola",
year = "2010",
language = "English",
note = "SnT seminar: Measurement of Security - Observations and Challenges ; Conference date: 11-05-2010",

}

Savola, R 2010, 'Measurement of security : observations and challenges.', SnT seminar: Measurement of Security - Observations and Challenges, Luxembourg, Luxembourg, 11/05/10.

Measurement of security : observations and challenges. / Savola, Reijo.

2010. SnT seminar: Measurement of Security - Observations and Challenges, Luxembourg, Luxembourg.

Research output: Contribution to conferenceOther conference contributionScientificpeer-review

TY - CONF

T1 - Measurement of security : observations and challenges.

AU - Savola, Reijo

PY - 2010

Y1 - 2010

N2 - It is a widely accepted management principle that an activity cannot be managed well if it cannot be measured - but can we apply that principle to security too? How secure is a software product or a communication network, or their fusion? And how secure does it need to be in order to be secure enough?The field of developing security metrics systematically is young. The problem behind the immaturity of security metrics is that the current practice of security is still a highly diverse field, and holistic and widely accepted approaches are still missing. If the research community is able to develop intelligent and feasible mechanisms for the measurement and information gathering, we might even learn more about the nature of security, trust and dependability. The current limited knowledge of the nature of security-related concepts is hindering us from finding rigorous solutions to the aspects of overall security.In the presentation, we review the state-of-the-art approaches to measure security. The target of the measurement can be e.g. organization, a part of it, a technical system or a service. We investigate the types of metrics available, related standards and how to develop security metrics in practice.

AB - It is a widely accepted management principle that an activity cannot be managed well if it cannot be measured - but can we apply that principle to security too? How secure is a software product or a communication network, or their fusion? And how secure does it need to be in order to be secure enough?The field of developing security metrics systematically is young. The problem behind the immaturity of security metrics is that the current practice of security is still a highly diverse field, and holistic and widely accepted approaches are still missing. If the research community is able to develop intelligent and feasible mechanisms for the measurement and information gathering, we might even learn more about the nature of security, trust and dependability. The current limited knowledge of the nature of security-related concepts is hindering us from finding rigorous solutions to the aspects of overall security.In the presentation, we review the state-of-the-art approaches to measure security. The target of the measurement can be e.g. organization, a part of it, a technical system or a service. We investigate the types of metrics available, related standards and how to develop security metrics in practice.

M3 - Other conference contribution

ER -

Savola R. Measurement of security : observations and challenges.. 2010. SnT seminar: Measurement of Security - Observations and Challenges, Luxembourg, Luxembourg.