Towards integration of risk-driven and evidence driven information security measurement

    Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

    Abstract

    Carefully designed information security metrics enable informed and effective decision making. However, the current state of the art of developing security metrics is not sufficiently advanced. A major challenge is that typically the risk-driven (top-down modelling) and evidence-driven (bottom-up monitoring) metrics approaches are not aligned, and often used separately. Consequently, it is not possible to understand the impact of monitored evidence on actual security risk. A crosscut model for risk-driven and evidence-driven security metrology is needed. We analyze the concepts needed to be able to integrate these two main approaches.
    Original language: English
    Title of host publication: Proceedings
    Subtitle of host publication: IEEE 8th International Conference on Application of Information and Communication Technologies, AICT 2014
    Publisher: IEEE Institute of Electrical and Electronic Engineers
    Number of pages: 6
    ISBN (Electronic): 978-1-4799-4119-3
    ISBN (Print): 978-147994120-9
    DOIs: 10.1109/ICAICT.2014.7035903
    Publication status: Published - 2014
    MoE publication type: A4 Article in a conference publication
    Event: IEEE 8th International Conference on Application of Information and Communication Technologies, AICT2014 - Astana, Kazakhstan
    Duration: 15 Oct 2014 to 17 Oct 2014

    Conference

    Conference: IEEE 8th International Conference on Application of Information and Communication Technologies, AICT2014
    Abbreviated title: AICT2014
    Country: Kazakhstan
    City: Astana
    Period: 15/10/14 to 17/10/14

    Fingerprint

    Security of data
    Decision making
    Monitoring

    Keywords

    • risk analysis
    • security metrics
    • security monitoring

    Cite this

    Savola, R. (2014). Towards integration of risk-driven and evidence driven information security measurement. In Proceedings: IEEE 8th International Conference on Application of Information and Communication Technologies, AICT 2014 [7035903]. IEEE Institute of Electrical and Electronic Engineers. https://doi.org/10.1109/ICAICT.2014.7035903
    Savola, Reijo. Towards integration of risk-driven and evidence driven information security measurement. Proceedings: IEEE 8th International Conference on Application of Information and Communication Technologies, AICT 2014. IEEE Institute of Electrical and Electronic Engineers, 2014.
    @inproceedings{cd1416de0dd64408850ef67ea2d29048,
    title = "Towards integration of risk-driven and evidence driven information security measurement",
    abstract = "Carefully designed information security metrics enable informed and effective decision making. However, the current state of the art of developing security metrics is not sufficiently advanced. A major challenge is that typically the risk-driven (top-down modelling) and evidence-driven (bottom-up monitoring) metrics approaches are not aligned, and often used separately. Consequently, it is not possible to understand the impact of monitored evidence on actual security risk. A crosscut model for risk-driven and evidence-driven security metrology is needed. We analyze the concepts needed to be able to integrate these two main approaches.",
    keywords = "risk analysis, security metrics, security monitoring",
    author = "Reijo Savola",
    year = "2014",
    doi = "10.1109/ICAICT.2014.7035903",
    language = "English",
    isbn = "978-147994120-9",
    booktitle = "Proceedings",
    publisher = "IEEE Institute of Electrical and Electronic Engineers",
    address = "United States",
    }

    Savola, R 2014, Towards integration of risk-driven and evidence driven information security measurement. in Proceedings: IEEE 8th International Conference on Application of Information and Communication Technologies, AICT 2014, 7035903, IEEE Institute of Electrical and Electronic Engineers, IEEE 8th International Conference on Application of Information and Communication Technologies, AICT2014, Astana, Kazakhstan, 15/10/14. https://doi.org/10.1109/ICAICT.2014.7035903

    Towards integration of risk-driven and evidence driven information security measurement. / Savola, Reijo.
    Proceedings: IEEE 8th International Conference on Application of Information and Communication Technologies, AICT 2014. IEEE Institute of Electrical and Electronic Engineers, 2014. 7035903.


    TY  - GEN
    T1  - Towards integration of risk-driven and evidence driven information security measurement
    AU  - Savola, Reijo
    PY  - 2014
    Y1  - 2014
    N2  - Carefully designed information security metrics enable informed and effective decision making. However, the current state of the art of developing security metrics is not sufficiently advanced. A major challenge is that typically the risk-driven (top-down modelling) and evidence-driven (bottom-up monitoring) metrics approaches are not aligned, and often used separately. Consequently, it is not possible to understand the impact of monitored evidence on actual security risk. A crosscut model for risk-driven and evidence-driven security metrology is needed. We analyze the concepts needed to be able to integrate these two main approaches.
    AB  - Carefully designed information security metrics enable informed and effective decision making. However, the current state of the art of developing security metrics is not sufficiently advanced. A major challenge is that typically the risk-driven (top-down modelling) and evidence-driven (bottom-up monitoring) metrics approaches are not aligned, and often used separately. Consequently, it is not possible to understand the impact of monitored evidence on actual security risk. A crosscut model for risk-driven and evidence-driven security metrology is needed. We analyze the concepts needed to be able to integrate these two main approaches.
    KW  - risk analysis
    KW  - security metrics
    KW  - security monitoring
    U2  - 10.1109/ICAICT.2014.7035903
    DO  - 10.1109/ICAICT.2014.7035903
    M3  - Conference article in proceedings
    SN  - 978-147994120-9
    BT  - Proceedings
    PB  - IEEE Institute of Electrical and Electronic Engineers
    ER  -

    Savola R. Towards integration of risk-driven and evidence driven information security measurement. In Proceedings: IEEE 8th International Conference on Application of Information and Communication Technologies, AICT 2014. IEEE Institute of Electrical and Electronic Engineers; 2014. 7035903. https://doi.org/10.1109/ICAICT.2014.7035903