Title :
Towards integration of risk-driven and evidence-driven information security measurement
Author :
Savola, Reijo M.
Author_Institution :
VTT Tech. Res. Centre of Finland, Oulu, Finland
Abstract :
Carefully designed information security metrics enable informed and effective decision making. However, the current state of the art of developing security metrics is not sufficiently advanced. A major challenge is that typically the risk-driven (top-down modelling) and evidence-driven (bottom-up monitoring) metrics approaches are not aligned, and are often used separately. Consequently, it is not possible to understand the impact of monitored evidence on actual security risk. A crosscut model for risk-driven and evidence-driven security metrology is needed. We analyze the concepts needed to be able to integrate these two main approaches.
Keywords :
decision making; security of data; bottom-up monitoring metrics; decision making; evidence-driven information security measurement; evidence-driven metrics; evidence-driven security metrology; information security metrics; risk-driven information security measurement; risk-driven metrics; risk-driven security metrology; top-down modelling metrics; Authentication; Measurement; Medical services; Monitoring; Sensors; Visualization; Security metrics; risk analysis; security monitoring;
Conference_Title :
Application of Information and Communication Technologies (AICT), 2014 IEEE 8th International Conference on
Conference_Location :
Astana
Print_ISBN :
978-1-4799-4120-9
DOI :
10.1109/ICAICT.2014.7035903