Abstract
It is a widely accepted management principle that an activity cannot be managed well if it cannot be measured - but can we apply that principle to security too? How secure is a software product or a communication network, or their fusion? And how secure does it need to be in order to be secure enough?
The field of developing security metrics systematically is young. The problem behind the immaturity of security metrics is that the current practice of security is still a highly diverse field, and holistic and widely accepted approaches are still missing. If the research community is able to develop intelligent and feasible mechanisms for measurement and information gathering, we might even learn more about the nature of security, trust and dependability. The current limited knowledge of the nature of security-related concepts is hindering us from finding rigorous solutions to the aspects of overall security.
In the presentation, we review the state-of-the-art approaches to measuring security. The target of the measurement can be, e.g., an organization, a part of it, a technical system or a service. We investigate the types of metrics available, related standards and how to develop security metrics in practice.
Original language | English |
---|---|
Number of pages | 31 |
Publication status | Published - 2010 |
MoE publication type | Not Eligible |
Event | SnT seminar: Measurement of Security - Observations and Challenges - Luxembourg, Luxembourg Duration: 11 May 2010 → … |
Seminar
Seminar | SnT seminar: Measurement of Security - Observations and Challenges |
---|---|
Country/Territory | Luxembourg |
City | Luxembourg |
Period | 11/05/10 → … |