Towards integration of risk-driven and evidence driven information security measurement

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

Abstract

Carefully designed information security metrics enable informed and effective decision making. However, the current state of the art in developing security metrics is not sufficiently advanced. A major challenge is that the risk-driven (top-down modelling) and evidence-driven (bottom-up monitoring) metrics approaches are typically not aligned and are often used separately. Consequently, it is not possible to understand the impact of monitored evidence on actual security risk. A crosscut model for risk-driven and evidence-driven security metrology is needed. We analyze the concepts needed to integrate these two main approaches.
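The mismatch the abstract describes, between a top-down risk model that assumes its controls work and bottom-up monitoring that shows how well they actually operate, can be made concrete with a small worked example. The following Python is an added illustration written for this page; it is not the paper's model and not code from the author. The threat scenario, controls, effectiveness figures, metric targets and the account sample are all constructed assumptions, and the crosscut rule used (evidence attainment scales the assumed effectiveness of each control, weakest metric first) is one simple rule chosen for illustration, not the one the paper proposes.

```python
"""Toy crosscut model that ties bottom-up monitoring evidence to a top-down
risk estimate. Added illustration of the alignment problem, not the paper's
model: every threat, control, metric, target and number here is a
constructed assumption."""
from dataclasses import dataclass


@dataclass(frozen=True)
class EvidenceMetric:
    """A bottom-up metric computed from monitoring data (evidence-driven)."""
    name: str
    value: float
    target: float            # value at which the control counts as fully operating
    higher_is_better: bool = True

    def attainment(self) -> float:
        """Fraction of the target reached, clamped to [0, 1]."""
        if self.higher_is_better:
            ratio = self.value / self.target if self.target else 0.0
        else:  # e.g. patch latency: at or below target earns full credit
            ratio = 1.0 if self.value <= self.target else self.target / self.value
        return max(0.0, min(1.0, ratio))


@dataclass
class Control:
    """A mitigation from the risk model, annotated with its evidence metrics."""
    name: str
    design_effectiveness: float   # top-down assumption: likelihood cut if fully operating
    evidence: list[EvidenceMetric]

    def operating_effectiveness(self) -> float:
        """Crosscut point: scale assumed effectiveness by observed attainment.
        The weakest metric wins; a control with no evidence gets no credit."""
        if not self.evidence:
            return 0.0
        return self.design_effectiveness * min(m.attainment() for m in self.evidence)


@dataclass
class Risk:
    """A threat scenario from the risk register (risk-driven, top-down)."""
    name: str
    inherent_likelihood: float    # annual probability before controls
    impact: float                 # loss if the scenario materialises
    controls: list[Control]

    def design_only_likelihood(self) -> float:
        """What the risk model alone claims, trusting every control as designed."""
        return self._reduce(lambda c: c.design_effectiveness)

    def residual_likelihood(self) -> float:
        """Likelihood after controls, using evidence-adjusted effectiveness."""
        return self._reduce(lambda c: c.operating_effectiveness())

    def _reduce(self, effectiveness) -> float:
        likelihood = self.inherent_likelihood
        for control in self.controls:
            likelihood *= 1.0 - effectiveness(control)
        return likelihood

    def evidence_gap(self) -> dict[str, float]:
        """Per control: assumed effectiveness that the evidence does not support."""
        return {c.name: c.design_effectiveness - c.operating_effectiveness()
                for c in self.controls}


# Constructed monitoring sample: identity-provider export of (account, mfa_enrolled).
ACCOUNTS = [("alice", True), ("bob", True), ("carol", False), ("dave", True),
            ("erin", True), ("frank", False), ("grace", True), ("heidi", True),
            ("ivan", False), ("judy", True)]


def mfa_coverage(accounts) -> float:
    """Bottom-up metric: share of accounts with MFA enrolled."""
    return sum(1 for _, enrolled in accounts if enrolled) / len(accounts)


def build_portal_risk() -> Risk:
    """Constructed scenario: credential stuffing against a customer portal."""
    return Risk(
        name="credential stuffing against customer portal",
        inherent_likelihood=0.6,
        impact=500_000.0,
        controls=[
            Control("MFA on portal logins", 0.9,
                    [EvidenceMetric("mfa_coverage", mfa_coverage(ACCOUNTS), 1.0)]),
            Control("rate limiting on auth endpoints", 0.5,
                    [EvidenceMetric("endpoints_rate_limited", 0.95, 1.0)]),
            Control("timely patching of auth service", 0.4,
                    [EvidenceMetric("median_patch_latency_days", 12, 7,
                                    higher_is_better=False)]),
        ],
    )


if __name__ == "__main__":
    risk = build_portal_risk()
    print(risk.name)
    print(f"  design-only likelihood : {risk.design_only_likelihood():.4f}")
    print(f"  evidence-adjusted      : {risk.residual_likelihood():.4f}")
    print(f"  residual exposure      : {risk.residual_likelihood() * risk.impact:,.0f}")
    for name, gap in risk.evidence_gap().items():
        print(f"  unsupported effectiveness in '{name}': {gap:.3f}")
```

With the constructed numbers the same risk register yields a design-only likelihood of 0.018 but an evidence-adjusted likelihood of about 0.089: attaching monitored evidence changes the answer roughly five-fold, which is the impact the abstract says cannot be understood while the two approaches are kept apart. The per-control gap is the traceability a practitioner wants from such a crosscut: it names which assumed mitigation the monitoring does not support, so a falling MFA coverage figure can be read directly as rising residual risk rather than as an isolated dashboard number.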
Original language: English
Title of host publication: Proceedings
Subtitle of host publication: IEEE 8th International Conference on Application of Information and Communication Technologies, AICT 2014
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Number of pages: 6
ISBN (Electronic): 978-1-4799-4119-3
ISBN (Print): 978-1-4799-4120-9
DOIs: 10.1109/ICAICT.2014.7035903
Publication status: Published - 2014
MoE publication type: A4 Article in a conference publication
Event: IEEE 8th International Conference on Application of Information and Communication Technologies, AICT2014 - Astana, Kazakhstan
Duration: 15 Oct 2014 to 17 Oct 2014

Conference

Conference: IEEE 8th International Conference on Application of Information and Communication Technologies, AICT2014
Abbreviated title: AICT2014
Country: Kazakhstan
City: Astana
Period: 15/10/14 to 17/10/14

Keywords

  • risk analysis
  • security metrics
  • security monitoring

Cite this

Savola, R. (2014). Towards integration of risk-driven and evidence driven information security measurement. In Proceedings: IEEE 8th International Conference on Application of Information and Communication Technologies, AICT 2014 [7035903] Institute of Electrical and Electronic Engineers IEEE. https://doi.org/10.1109/ICAICT.2014.7035903
@inproceedings{cd1416de0dd64408850ef67ea2d29048,
title = "Towards integration of risk-driven and evidence driven information security measurement",
abstract = "Carefully designed information security metrics enable informed and effective decision making. However, the current state of the art in developing security metrics is not sufficiently advanced. A major challenge is that the risk-driven (top-down modelling) and evidence-driven (bottom-up monitoring) metrics approaches are typically not aligned and are often used separately. Consequently, it is not possible to understand the impact of monitored evidence on actual security risk. A crosscut model for risk-driven and evidence-driven security metrology is needed. We analyze the concepts needed to integrate these two main approaches.",
keywords = "risk analysis, security metrics, security monitoring",
author = "Reijo Savola",
year = "2014",
doi = "10.1109/ICAICT.2014.7035903",
language = "English",
isbn = "978-147994120-9",
booktitle = "Proceedings",
publisher = "Institute of Electrical and Electronic Engineers IEEE",
address = "United States",

}


TY - GEN

T1 - Towards integration of risk-driven and evidence driven information security measurement

AU - Savola, Reijo

PY - 2014

Y1 - 2014

N2 - Carefully designed information security metrics enable informed and effective decision making. However, the current state of the art in developing security metrics is not sufficiently advanced. A major challenge is that the risk-driven (top-down modelling) and evidence-driven (bottom-up monitoring) metrics approaches are typically not aligned and are often used separately. Consequently, it is not possible to understand the impact of monitored evidence on actual security risk. A crosscut model for risk-driven and evidence-driven security metrology is needed. We analyze the concepts needed to integrate these two main approaches.

AB - Carefully designed information security metrics enable informed and effective decision making. However, the current state of the art in developing security metrics is not sufficiently advanced. A major challenge is that the risk-driven (top-down modelling) and evidence-driven (bottom-up monitoring) metrics approaches are typically not aligned and are often used separately. Consequently, it is not possible to understand the impact of monitored evidence on actual security risk. A crosscut model for risk-driven and evidence-driven security metrology is needed. We analyze the concepts needed to integrate these two main approaches.

KW - risk analysis

KW - security metrics

KW - security monitoring

U2 - 10.1109/ICAICT.2014.7035903

DO - 10.1109/ICAICT.2014.7035903

M3 - Conference article in proceedings

SN - 978-147994120-9

BT - Proceedings

PB - Institute of Electrical and Electronic Engineers IEEE

ER -
