Measurement of security : observations and challenges.

Reijo Savola

    Research output: Contribution to conference, Other conference contribution, Scientific, peer-review


    It is a widely accepted management principle that an activity cannot be managed well if it cannot be measured - but can we apply that principle to security too? How secure is a software product or a communication network, or their fusion? And how secure does it need to be in order to be secure enough?
    The field of developing security metrics systematically is young. The problem behind the immaturity of security metrics is that the current practice of security is still a highly diverse field, and holistic and widely accepted approaches are still missing. If the research community is able to develop intelligent and feasible mechanisms for measurement and information gathering, we might even learn more about the nature of security, trust and dependability. The current limited knowledge of the nature of security-related concepts is hindering us from finding rigorous solutions to the aspects of overall security.
    In the presentation, we review the state-of-the-art approaches to measuring security. The target of the measurement can be, e.g., an organization, a part of it, a technical system or a service. We investigate the types of metrics available, related standards and how to develop security metrics in practice.
    Original language: English
    Number of pages: 31
    Publication status: Published - 2010
    MoE publication type: Not Eligible
    Event: SnT seminar: Measurement of Security - Observations and Challenges - Luxembourg, Luxembourg
    Duration: 11 May 2010 → …

