Towards a taxonomy for information security metrics

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Towards a taxonomy for information security metrics

Full text

Pdf (239 KB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 2007 ACM workshop on Quality of protection table of contents

Alexandria, Virginia, USA

SESSION: Business security metrics table of contents

Pages: 28 - 30

Year of Publication: 2007

ISBN:978-1-59593-885-5

Author

Reijo M. Savola

VTT Technical Research Centre of Finland, Oulu, Finland

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 44, Downloads (12 Months): 349, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1314257.1314266 What is a DOI?

ABSTRACT

Systematic approaches to measuring security are needed in order to obtain evidence of the security performance of products or an organization. In this study we survey the emerging security metrics approaches from the academic, governmental and industrial perspectives and aim to bridge the gap between information security management and Information and Communication Technology (ICT) product security practices. If common metrics approaches between different security disciplines can be found, this will advance our holistic understanding and capabilities, both in management and engineering practices.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Steven M. Bellovin, On the Brittleness of Software and the Infeasibility of Security Metrics, IEEE Security and Privacy, v.4 n.4, p.96, July 2006 [doi>10.1109/MSP.2006.101]
	2	Burris, P., King, C. A Few Good Security Metrics. METAGroup, Inc., Oct. 2000.
	3	Henning, R. et al. Proc. of Workshop on Information Security System, Scoring and Ranking - Information System Security Attribute Quantification or Ordering, ACSA and MITRE, Williamsburg, Virginia, May 2001, 2002
	4	ISO/IEC 17799:2005. Information Technology - Security Techniques - Code of Practice for Information Security Management. ISO, 2005.
	5	Jelen, G. SSE-CMM Security Metrics. NIST and CSSPAB Workshop, Washington, D.C., June, 2000.
	6	McHugh, J. Quantitative Measures of Assurance: Prophecy, Process or Pipedream? Proc. of Workshop on Information Security System Scoring and Ranking (WISSSR), ACSA and MITRE, Williamsburg, Virginia, May 2001, 2002
	7	Payne, S. C. A Guide to Security Metrics. SANS Institute Information Security Reading Room, June, 2006.
	8	Seddigh, N., Pieda, P., Matrawy, A., Nandy, B., Lambadaris, I., Hatfield, A. Current Trends and Advances in Information Assurance Metrics. Proc. of the 2nd Ann. Conf. Privacy, Security and Trust (PST 2004), Fredericton, NB, Oct., 2004.
	9	Stoddard, M. et al. Process Control System Security Metrics - State of Practice. I3P Institute for Information Infrastructure Protection Research Report No. 1, Aug., 2005.
	10	Swanson, M. Security Self-Assessment Guide for Information Technology Systems. NIST Special Publication 800-26, Nov., 2001.
	11	Swanson, M., Bartol, N., Sabato, J., Hash, J., Graffo, L. Security Metrics Guide for Information Technology Systems. NIST Special Publication 800-55, Jul., 2003.
	12	Rayford B. Vaughn, Jr. , Ronda Henning , Ambareen Siraj, Information Assurance Measures and Metrics " State of Practice and Proposed Taxonomy, Proceedings of the 36th Annual Hawaii International Conference on System Sciences (HICSS'03) - Track 9, p.331.3, January 06-09, 2003