Towards integration of risk-driven and evidence driven information security measurement

    Research output: Chapter in Book/Report/Conference proceeding > Conference article in proceedings > Scientific > peer-reviewed

    Abstract

    Carefully designed information security metrics enable informed and effective decision making. However, the current state of the art in developing security metrics is not sufficiently advanced. A major challenge is that the risk-driven (top-down modelling) and evidence-driven (bottom-up monitoring) metrics approaches are typically not aligned and are often used separately. Consequently, it is not possible to understand the impact of monitored evidence on actual security risk. A crosscut model for risk-driven and evidence-driven security metrology is needed. We analyze the concepts needed to integrate these two main approaches.

    Original language: English
    Title of host publication: Proceedings
    Subtitle of host publication: IEEE 8th International Conference on Application of Information and Communication Technologies, AICT 2014
    Publisher: IEEE Institute of Electrical and Electronic Engineers
    Number of pages: 6
    ISBN (Electronic): 978-1-4799-4119-3
    ISBN (Print): 978-147994120-9
    DOIs: https://doi.org/10.1109/ICAICT.2014.7035903
    Publication status: Published - 2014
    MoE publication type: A4 Article in a conference publication
    Event: IEEE 8th International Conference on Application of Information and Communication Technologies, AICT2014 - Astana, Kazakhstan
    Duration: 15 Oct 2014 - 17 Oct 2014

    Conference

    Conference: IEEE 8th International Conference on Application of Information and Communication Technologies, AICT2014
    Abbreviated title: AICT2014
    Country: Kazakhstan
    City: Astana
    Period: 15/10/14 - 17/10/14

    Keywords

    • risk analysis
    • security metrics
    • security monitoring

    Cite this

    Savola, R. (2014). Towards integration of risk-driven and evidence driven information security measurement. In Proceedings: IEEE 8th International Conference on Application of Information and Communication Technologies, AICT 2014 [7035903]. IEEE Institute of Electrical and Electronic Engineers. https://doi.org/10.1109/ICAICT.2014.7035903