Title :
Efficient Security Measurements and Metrics for Risk Assessment
Author :
Tashi, I. ; Ghernaouti-Helie, S.
Author_Institution :
Fac. of Bus. & Econ., Univ. of Lausanne, Lausanne
fDate :
June 29 2008-July 5 2008
Abstract :
An efficient IT security management relies upon the ability to make a good compromise between the cost of security countermeasures to be implemented, and the reality of informational risks an organization have to face. In fact, it concerns the capacity of an IT security manager to make decisions in a dynamic and complex environment. Even a well-experienced manager needs reliable tools to optimize the decision making process. The aim of this paper is to propose some relevant metrics and measurements in order to facilitate the decision making and to improve performance and accountability in security measures and procedures. We propose an approach to obtain some meaningful and useful metrics and measurements, to assess the Information Security Preparedness Level in a continuing improvement scope.
Keywords :
continuous improvement; decision making; information technology; risk management; security of data; IT security management; Information Security Preparedness Level; continuing improvement scope; decision making; risk assessment; security countermeasures; security measurements; security metrics; Risk management; Security; Complex Environments; IS Assurance; IS Management effectiveness and efficiency; IS assessment; IS metrics and measurements; Information Security (IS) Management; Risk Management; Risk analysis;
Conference_Titel :
Internet Monitoring and Protection, 2008. ICIMP '08. The Third International Conference on
Conference_Location :
Bucharest
Print_ISBN :
978-0-7695-3189-2
Electronic_ISBN :
978-0-7695-3189-2
DOI :
10.1109/ICIMP.2008.34
