Towards a security metrics taxonomy for the information and communication technology industry

Reijo Savola

    Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

    43 Citations (Scopus)

    Abstract

    To obtain evidence of the security of different products or organizations, systematic approaches to measuring security are needed. We introduce a high abstraction level taxonomy to support the development of feasible security metrics, along with a survey of the emerging security metrics from the academic, governmental and industrial perspectives. With our taxonomy, we strive to bridge the gap between information security management and ICT products, and services security engineering. We believe that if common metrics approaches between different security disciplines can be found, this will advance our holistic understanding and capabilities, both in security management and engineering. Our taxonomy is based on comparing earlier taxonomy approaches and analyzing types of security metrics. Based on the survey, a discussion of future research directions is given in order to prompt advances in the field.
    Original language: English
    Title of host publication: Proceedings
    Subtitle of host publication: International Conference on Software Engineering Advances, ICSEA 2007
    Place of Publication: Piscataway
    Publisher: IEEE Institute of Electrical and Electronic Engineers
    Pages: 376-382
    ISBN (Print): 978-0-7695-2937-0
    Publication status: Published - 2007
    MoE publication type: A4 Article in a conference publication
    Event: International Conference on Software Engineering Advances, ICSEA 2007 - Cap Esterel, France
    Duration: 25 Aug 2007 – 31 Aug 2007

    Conference

    Conference: International Conference on Software Engineering Advances, ICSEA 2007
    Abbreviated title: ICSEA 2007
    Country/Territory: France
    City: Cap Esterel
    Period: 25/08/07 – 31/08/07

    Keywords

    • security metric
    • taxonomy
    • information security
    • security
