Abstract
Carefully designed information security metrics enable
informed and effective decision making. However, the
current state of the art of developing security metrics
is not sufficiently advanced. A major challenge is that
typically the risk-driven (top-down modelling) and
evidence-driven (bottom-up monitoring) metrics approaches
are not aligned, and are often used separately. Consequently,
it is not possible to understand the impact of monitored
evidence on actual security risk. A crosscut model for
risk-driven and evidence-driven security metrology is
needed. We analyze the concepts needed to be able to
integrate these two main approaches.
| Original language | English |
|---|---|
| Title of host publication | IEEE 8th International Conference on Application of Information and Communication Technologies (AICT 2014) |
| Publisher | IEEE Institute of Electrical and Electronic Engineers |
| Number of pages | 6 |
| ISBN (Electronic) | 978-1-4799-4119-3, 978-1-4799-4121-6 |
| ISBN (Print) | 978-1-4799-4120-9 |
| Publication status | Published - 2014 |
| MoE publication type | A4 Article in a conference publication |
| Event | IEEE 8th International Conference on Application of Information and Communication Technologies, AICT2014 - Astana, Kazakhstan Duration: 15 Oct 2014 → 17 Oct 2014 |
Conference
| Conference | IEEE 8th International Conference on Application of Information and Communication Technologies, AICT2014 |
|---|---|
| Abbreviated title | AICT2014 |
| Country/Territory | Kazakhstan |
| City | Astana |
| Period | 15/10/14 → 17/10/14 |
Keywords
- risk analysis
- security metrics
- security monitoring
Fingerprint
Dive into the research topics of 'Towards integration of risk-driven and evidence driven information security measurement'. Together they form a unique fingerprint.