Title :
A Policy-Based Metrics Framework for Information Security Performance Measurement
Author :
Martin, Clemens ; Refai, Mustapha
Author_Institution :
Univ. of Ontario Inst. of Technol., Oshawa
Abstract :
In this article we are proposing a new approach to measure and monitor overall IT security performance. This approach is based on a policy-based frame work that establishes a methodology to measure security performance; it also incorporates a policy performance indicator. The framework is composed of a number of interacting components: security policies and procedures model, a business security goal and targets repository, a set of security measurement processes, a metrics development and analysis process, and a central metrics and measurement model. Lastly a module that derives an overall security posture and generates reports detects trends and develops recommendations. Our approach assists in determining the security posture of an organization, which is becoming a necessity for legal and regulatory compliance.
Keywords :
security of data; computer crime; information security performance measurement; policy-based metrics framework; Area measurement; Automatic control; Data security; Gain measurement; Information security; Investments; Law; Legal factors; Monitoring; NIST;
Conference_Titel :
Business-Driven IT Management, 2007. BDIM '07. 2nd IEEE/IFIP International Workshop on
Conference_Location :
Munich
Print_ISBN :
1-4244-1295-1
DOI :
10.1109/BDIM.2007.375016
