Abstract
To obtain evidence of the security of different products or
organizations, systematic approaches to measuring security are needed. We
introduce a high-abstraction-level taxonomy to support the development of
feasible security metrics, along with a survey of the emerging security
metrics from the academic, governmental and industrial perspectives. With our
taxonomy, we strive to bridge the gap between information security management
and ICT product and service security engineering. We believe that if common
metrics approaches between different security disciplines can be found, this
will advance our holistic understanding and capabilities, both in security
management and engineering. Our taxonomy is based on comparing earlier
taxonomy approaches and analyzing types of security metrics. Based on the
survey, a discussion of future research directions is given in order to prompt
advances in the field.
Original language | English |
---|---|
Title of host publication | Proceedings |
Subtitle of host publication | International Conference on Software Engineering Advances, ICSEA 2007 |
Place of Publication | Piscataway |
Publisher | IEEE Institute of Electrical and Electronic Engineers |
Pages | 376-382 |
ISBN (Print) | 978-0-7695-2937-0 |
Publication status | Published - 2007 |
MoE publication type | A4 Article in a conference publication |
Event | International Conference on Software Engineering Advances, ICSEA 2007 - Cap Esterel, France; Duration: 25 Aug 2007 → 31 Aug 2007 |
Conference
Conference | International Conference on Software Engineering Advances, ICSEA 2007 |
---|---|
Abbreviated title | ICSEA 2007 |
Country/Territory | France |
City | Cap Esterel |
Period | 25/08/07 → 31/08/07 |
Keywords
- security metric
- taxonomy
- information security
- security