Abstract
The use of information security metrics in certain Finnish industrial companies and State institutions, and its relation to the literature is discussed based on the results gained by interview studies. The emphasis is on the needs of metrics, relationship of metrics with the organizational processes, as well as the usefulness of metrics and future targets. Metrics experiences are used to analyze how they could be exploited in the organizations generally. The results of the interviews show that the benefits of measuring information security can only be seen when there is a process approach on the use of metrics and experience is gained from the use of historical data. The organizations need metrics that are repeatable, manageable, objective and comparable, quantifiable and proactive. There are systematic process models that the organizations could utilize. The essential step is the definition of the security objectives, against which the subsequent results can be mirrored.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2005 KMIS International Conference |
Subtitle of host publication | Information Systems for Ubiquitous Society |
Pages | 444-448 |
Publication status | Published - 2005 |
MoE publication type | Not Eligible |
Event | KMIS International Conference 2005 - Jeju Island, Korea, Republic of. Duration: 24 Nov 2005 → 26 Nov 2005 |
Conference
Conference | KMIS International Conference 2005 |
---|---|
Country/Territory | Korea, Republic of |
City | Jeju Island |
Period | 24/11/05 → 26/11/05 |