Abstract
Carefully designed information security metrics enable
informed and effective decision making. However, the
current state of the art of developing security metrics
is not sufficiently advanced. A major challenge is that
typically the risk-driven (top-down modelling) and
evidence-driven (bottom-up monitoring) metrics approaches
are not aligned and are often used separately. Consequently,
it is not possible to understand the impact of monitored
evidence on actual security risk. A crosscut model for
risk-driven and evidence-driven security metrology is
needed. We analyze the concepts needed to be able to
integrate these two main approaches.
Original language | English |
---|---|
Title of host publication | IEEE 8th International Conference on Application of Information and Communication Technologies (AICT 2014) |
Publisher | IEEE Institute of Electrical and Electronic Engineers |
Number of pages | 6 |
ISBN (Electronic) | 978-1-4799-4119-3, 978-1-4799-4121-6 |
ISBN (Print) | 978-1-4799-4120-9 |
Publication status | Published - 2014 |
MoE publication type | A4 Article in a conference publication |
Event | IEEE 8th International Conference on Application of Information and Communication Technologies, AICT2014 - Astana, Kazakhstan. Duration: 15 Oct 2014 → 17 Oct 2014 |
Conference
Conference | IEEE 8th International Conference on Application of Information and Communication Technologies, AICT2014 |
---|---|
Abbreviated title | AICT2014 |
Country/Territory | Kazakhstan |
City | Astana |
Period | 15/10/14 → 17/10/14 |
Keywords
- risk analysis
- security metrics
- security monitoring