Efficient Security Measurements and Metrics for Risk Assessment

Author

Tashi, I. ; Ghernaouti-Helie, S.

Author_Institution

Fac. of Bus. & Econ., Univ. of Lausanne, Lausanne

fYear

2008

fDate

June 29 2008-July 5 2008

Firstpage

131

Lastpage

138

Abstract

An efficient IT security management relies upon the ability to make a good compromise between the cost of security countermeasures to be implemented, and the reality of informational risks an organization have to face. In fact, it concerns the capacity of an IT security manager to make decisions in a dynamic and complex environment. Even a well-experienced manager needs reliable tools to optimize the decision making process. The aim of this paper is to propose some relevant metrics and measurements in order to facilitate the decision making and to improve performance and accountability in security measures and procedures. We propose an approach to obtain some meaningful and useful metrics and measurements, to assess the Information Security Preparedness Level in a continuing improvement scope.

Keywords

continuous improvement; decision making; information technology; risk management; security of data; IT security management; Information Security Preparedness Level; continuing improvement scope; decision making; risk assessment; security countermeasures; security measurements; security metrics; Risk management; Security; Complex Environments; IS Assurance; IS Management effectiveness and efficiency; IS assessment; IS metrics and measurements; Information Security (IS) Management; Risk Management; Risk analysis;

fLanguage

English

Publisher

ieee

Conference_Titel

Internet Monitoring and Protection, 2008. ICIMP '08. The Third International Conference on

Conference_Location

Bucharest

Print_ISBN

978-0-7695-3189-2

Electronic_ISBN

978-0-7695-3189-2

Type

conf

DOI

10.1109/ICIMP.2008.34

Filename

4561338