Selecting proper security mechanisms that will protect an organization's assets against cyber threats is an important, non-trivial problem. This paper introduces an approach based on statistical methods that helps to choose the proper controls with respect to actual security threats. First, we determine the security mechanisms that support control objectives from the ISO/IEC 27002 standard and assign them meaningful weights. Then we employ factor analysis to reveal dependencies among the control objectives. This knowledge can then be carried over to the security mechanisms, which inherit these dependencies from the control objectives.