Modelling Static and Dynamic Aspects of Security: A Socio-Technical View on Information Security Metrics
2011 (English). In: The 12th International Symposium on Models and Modeling Methodologies in Science and Engineering: MMMse 2011, 2011. Conference paper (Refereed)
Managing something that is not measured is difficult to near impossible, and information security is no exception. In recent years, this has become increasingly apparent.
Noticeable progress has been made in advancing the areas of information security measurement and reporting. However, a number of challenges and gaps still remain, and the existing paradigms meant to address them are not without limitations.
In this paper, we suggest that a socio-technical model previously used to model the USA's national computer security policy can be applied to the information security metrics area. The model can provide a unifying, holistic view on the area, illustrating interrelationships and gaps between various efforts at different abstraction levels. The proposed model can be mapped to some of the existing paradigms and, possibly, help address some of their individual limitations by offering a more unified perspective.
Keywords: Information Security, Security Metrics, Security Measurement, Security Management, Security Models
Research subject: Computer and Systems Sciences
Identifiers: URN: urn:nbn:se:su:diva-67169; ISBN: 13 978-1-936338-22-1; OAI: oai:DiVA.org:su-67169; DiVA: diva2:469588