Utilizing a risk-driven operational security assurance methodology and measurement architecture: Experiences from a case study

Reijo Savola, Teemu Kanstren, Heimo Pentikäinen, Petri Jurmu, Mauri Myllyaho, Kimmo Hätönen

    Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific

    Abstract

    Practical measurement of information security of
    telecoms services is a remarkable challenge because of the lack
    of applicable generic tools and methods, the difficult-to-predict
    nature of security risks, the complexity of the systems, and the
    low observability of security issues in them.
    We discuss our experiences in utilizing a risk-driven methodology and
    associated measurement architecture in a practical case study.
    Effectiveness and efficiency are of main interest to
    stakeholders responsible for security. We note, however, that
    security configuration correctness and compliance with
    requirements are, in practice, the core objectives from an
    operational perspective. For these objectives there is more
    evidence available and it is easier to attain it. Our findings in
    this case study show a need for a wide range of security metrics
    to offer sufficient evidence of the design, implementation, and
    deployment of security controls. The case study also shows how
    visualization tools can be used efficiently to support the
    management of collections of these metrics.
    Original language: English
    Title of host publication: Proceedings of the 8th International Conference on Networking and Services, ICNS 2012
    Editors: T. Nguyen
    Publisher: International Academy, Research, and Industry Association IARIA
    Pages: 134-142
    ISBN (Print): 978-1-6120-8186-1, 978-1-6183-9976-2
    Publication status: Published - 2012
    MoE publication type: B3 Non-refereed article in conference proceedings
    Event: Eighth International Conference on Networking and Services 2012, ICNS 2012 - St. Maarten, Netherlands
    Duration: 25 Mar 2012 → 30 Mar 2012

    Conference

    Conference: Eighth International Conference on Networking and Services 2012, ICNS 2012
    Abbreviated title: ICNS 2012
    Country/Territory: Netherlands
    City: St. Maarten
    Period: 25/03/12 → 30/03/12
