Assessing the Feasibility of Security Metrics

Author: Steven Furnell, Bernhard Heinzle
Year of publication: 2013
Subject:
Source: Trust, Privacy, and Security in Digital Business ISBN: 9783642403422
TrustBus
Description: This paper proposes a self-assessment framework that allows a user to determine which security metrics are feasible specifically for the user's ISMS. To achieve this, a metric catalogue containing 95 metrics from different sources was created. The catalogue was enhanced by ascertaining the requirements that need to be fulfilled in order to be able to use each metric, as well as the ISO 27001 clauses and controls whose effectiveness each metric measures. During an assessment, the user indicates which requirements are fulfilled. After conducting an assessment, a list of feasible metrics, the number of metrics per ISO 27001 clause and control, and other information are generated as assessment results. A software prototype was created as a proof of concept. The results of the study were evaluated by external experts, which validated the composition of the metrics catalogue, the design of the self-assessment framework and the value of the prototype, and helped to identify areas of improvement and future work.
Database: OpenAIRE