Measurement of security : observations and challenges.

    Research output: Contribution to conference, Other conference contribution, Scientific, peer-review

    Abstract

    It is a widely accepted management principle that an activity cannot be managed well if it cannot be measured - but can we apply that principle to security too? How secure is a software product or a communication network, or their fusion? And how secure does it need to be in order to be secure enough?
    The field of systematically developing security metrics is young. The problem behind the immaturity of security metrics is that the current practice of security is still a highly diverse field, and holistic and widely accepted approaches are still missing. If the research community is able to develop intelligent and feasible mechanisms for measurement and information gathering, we might even learn more about the nature of security, trust and dependability. The current limited knowledge of the nature of security-related concepts is hindering us from finding rigorous solutions to the aspects of overall security.
    In the presentation, we review the state-of-the-art approaches to measuring security. The target of the measurement can be, e.g., an organization, a part of it, a technical system or a service. We investigate the types of metrics available, related standards and how to develop security metrics in practice.
    Original language: English
    Number of pages: 31
    Publication status: Published - 2010
    MoE publication type: Not Eligible
    Event: SnT seminar: Measurement of Security - Observations and Challenges - Luxembourg, Luxembourg
    Duration: 11 May 2010 → …

    Seminar

    Seminar: SnT seminar: Measurement of Security - Observations and Challenges
    Country: Luxembourg
    City: Luxembourg
    Period: 11/05/10 → …

    Cite this

    Savola, R. (2010). Measurement of security : observations and challenges. SnT seminar: Measurement of Security - Observations and Challenges, Luxembourg, Luxembourg.