Towards a security metrics taxonomy for the information and communication technology industry

Research output: Chapter in Book/Report/Conference proceeding, Conference article in proceedings, Scientific, peer-review

31 Citations (Scopus)

Abstract

To obtain evidence of the security of different products or organizations, systematic approaches to measuring security are needed. We introduce a high abstraction level taxonomy to support the development of feasible security metrics, along with a survey of the emerging security metrics from the academic, governmental and industrial perspectives. With our taxonomy, we strive to bridge the gap between information security management and ICT products and services security engineering. We believe that if common metrics approaches between different security disciplines can be found, this will advance our holistic understanding and capabilities, both in security management and engineering. Our taxonomy is based on comparing earlier taxonomy approaches and analyzing types of security metrics. Based on the survey, a discussion of future research directions is given in order to prompt advances in the field.
Original language: English
Title of host publication: Proceedings
Subtitle of host publication: International Conference on Software Engineering Advances, ICSEA 2007
Place of Publication: Piscataway, NJ, USA
Publisher: IEEE Institute of Electrical and Electronic Engineers
Pages: 376-382
ISBN (Print): 0-7695-2937-2, 978-0-7695-2937-0
DOIs: https://doi.org/10.1109/ICSEA.2007.79
Publication status: Published - 2007
MoE publication type: A4 Article in a conference publication
Event: International Conference on Software Engineering Advances, ICSEA 2007 - Cap Esterel, France
Duration: 25 Aug 2007 to 31 Aug 2007

Conference

Conference: International Conference on Software Engineering Advances, ICSEA 2007
Abbreviated title: ICSEA 2007
Country: France
City: Cap Esterel
Period: 25/08/07 to 31/08/07

Fingerprint

Taxonomies
Communication
Industry
Security of data

Keywords

  • security metric
  • taxonomy
  • information security
  • security

Cite this

Savola, R. (2007). Towards a security metrics taxonomy for the information and communication technology industry. In Proceedings: International Conference on Software Engineering Advances, ICSEA 2007 (pp. 376-382). Piscataway, NJ, USA: IEEE Institute of Electrical and Electronic Engineers. https://doi.org/10.1109/ICSEA.2007.79