Security Metrics: Replacing Fear, Uncertainty, and Doubt
Security Metrics: Replacing Fear, Uncertainty, and Doubt
Security Pattern Lattice: A Formal Model to Organize Security Patterns
DEXA '08 Proceedings of the 2008 19th International Conference on Database and Expert Systems Application
A New Method for Fuzzy Formal Concept Analysis
WI-IAT '09 Proceedings of the 2009 IEEE/WIC/ACM International Joint Conference on Web Intelligence and Intelligent Agent Technology - Volume 03
Formal concept analysis in information science
Annual Review of Information Science and Technology
Risk analysis supported by information security metrics
Proceedings of the 12th International Conference on Computer Systems and Technologies
| Hi-index | 0.00 |
Methods for risk evaluation often involve subjective criteria because this process is undertaken by a risk analyst influenced by his own knowledge and experience. The purpose of this work is to bring objectivity to this process and to provide a discrete-scale evaluation of implemented security controls. It provides results and a final score from a security attributes point of view, that is a quality ranking of confidentiality, integrity, availability, authenticity and non-repudiability within the organization. The assignment of security clauses from the ISO/IEC 27002:2005 standard to security attributes uses the Formal Concept Analysis method, which provides summarized and clear object-attribute classification.