Towards a taxonomy for information security metrics

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2007, Pages 28-30

  Savola, Reijo M ^a  

^a VTT TECHNICAL RESEARCH CENTRE OF FINLAND   (Finland)

Author keywords

Information assurance; Information security metrics; Network security; Security assurance; Software security

Indexed keywords

INFORMATION AND COMMUNICATION TECHNOLOGIES; INFORMATION ASSURANCE; INFORMATION SECURITY MANAGEMENTS; INFORMATION SECURITY METRIC; NETWORKS SECURITY; SECURITY ASSURANCE; SECURITY METRICS; SECURITY PERFORMANCE; SOFTWARE SECURITY; TECHNOLOGY PRODUCTS;

NETWORK SECURITY;

EID: 79959536713     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1314257.1314266     Document Type: Conference Paper

References (12)

1. Bellovin, S. M. On the Brittleness of Software and the Infeasibility of Security Metrics. IEEE Security & Privacy, Jul/Aug, 2006, 96.
2. Burris, P., King, C. A Few Good Security Metrics. METAGroup, Inc., Oct. 2000.
3. Henning, R. et al. Proc. of Workshop on Information Security System, Scoring and Ranking - Information System Security Attribute Quantification or Ordering, ACSA and MITRE, Williamsburg, Virginia, May 2001, 2002
4. ISO/IEC 17799:2005. Information Technology - Security Techniques - Code of Practice for Information Security Management. ISO, 2005.
5. Jelen, G. SSE-CMM Security Metrics. NIST and CSSPAB Workshop, Washington, D.C., June, 2000.
6. McHugh, J. Quantitative Measures of Assurance: Prophecy, Process or Pipedream? Proc. of Workshop on Information Security System Scoring and Ranking (WISSSR), ACSA and MITRE, Williamsburg, Virginia, May 2001, 2002
7. Payne, S. C. A Guide to Security Metrics. SANS Institute Information Security Reading Room, June, 2006.
8. nd Ann. Conf. Privacy, Security and Trust (PST 2004), Fredericton, NB, Oct., 2004.
9. Stoddard, M. et al. Process Control System Security Metrics - State of Practice. I3P Institute for Information Infrastructure Protection Research Report No. 1, Aug., 2005.
10. Swanson, M. Security Self-Assessment Guide for Information Technology Systems. NIST Special Publication 800-26, Nov., 2001.
11. Swanson, M., Bartol, N., Sabato, J., Hash, J., Graffo, L. Security Metrics Guide for Information Technology Systems. NIST Special Publication 800-55, Jul., 2003.
12. th Hawaii Int. Conf. on System Sciences HICSS 03., 2003.