Abstract
Practical measurement of information security of
telecoms services is a remarkable challenge because of the lack
of applicable generic tools and methods, the difficult-to-predict
nature of security risks, the complexity of the systems, and the
low observability of security issues in them.
We discuss our experiences in utilizing a risk-driven methodology and
associated measurement architecture in a practical case study.
Effectiveness and efficiency are of main interest to
stakeholders responsible for security. We note, however, that
security configuration correctness and compliance with
requirements are, in practice, the core objectives from an
operational perspective. For these objectives there is more
evidence available and it is easier to attain it. Our findings in
this case study show a need for a wide range of security metrics
to offer sufficient evidence of the design, implementation, and
deployment of security controls. The case study also shows how
visualization tools can be used efficiently to support the
management of collections of these metrics.
Original language | English |
---|---|
Title of host publication | Proceedings of the 8th International Conference on Networking and Services, ICNS 2012 |
Editors | T. Nguyen |
Publisher | International Academy, Research, and Industry Association IARIA |
Pages | 134-142 |
ISBN (Print) | 978-1-6120-8186-1, 978-1-6183-9976-2 |
Publication status | Published - 2012 |
MoE publication type | B3 Non-refereed article in conference proceedings |
Event | Eighth International Conference on Networking and Services 2012, ICNS 2012 - St. Maarten, Netherlands. Duration: 25 Mar 2012 → 30 Mar 2012 |
Conference
Conference | Eighth International Conference on Networking and Services 2012, ICNS 2012 |
---|---|
Abbreviated title | ICNS 2012 |
Country/Territory | Netherlands |
City | St. Maarten |
Period | 25/03/12 → 30/03/12 |