Towards a security evaluation model based on security metrics
Proceedings of the 13th International Conference on Computer Systems and Technologies
This work presents the motivation for using metrics as an instrument for risk analysis. Information security standards such as the ISO 27000 family serve as a reference for risk analysis and assessment; however, they lack formal methods and offer only coarse, discrete-scale evaluation. The main goal of this work is to propose mappings between metrics and control objectives, so that the chosen metrics help management decide whether each control objective is fulfilled. We present a mathematical evaluation model based on these metrics, which should lead to more automated risk analysis.