Abstract
Metrics for the evaluation of information security contribute to risk reduction in organizations that handle information. However, metric-based approaches to information security generally lack a standard classification of the essential metrics needed, within the required scope, for risk reduction and asset protection. This research is therefore a Systematic Literature Review (SLR) on the evaluation of information security. In this study, 50 articles extracted from bibliographic databases such as ScienceDirect, Scopus, IEEE, ACM Digital Library, Hindawi, MDPI and Springer were gathered and analyzed. The scientific documents answered the proposed research question, and the results identified several information security metric classifications, such as integrity, vulnerability, authorization and confidentiality.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Imbaquingo-Esparza, D., Díaz, J., Arciniega, S., Jácome, J., Ortega-Bustamante, M. (2022). Metric Identification Evaluating Security Information: A Systematic Literature Review. In: Valencia-García, R., Bucaram-Leverone, M., Del Cioppo-Morstadt, J., Vera-Lucio, N., Jácome-Murillo, E. (eds) Technologies and Innovation. CITI 2022. Communications in Computer and Information Science, vol 1658. Springer, Cham. https://doi.org/10.1007/978-3-031-19961-5_16
DOI: https://doi.org/10.1007/978-3-031-19961-5_16
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-19960-8
Online ISBN: 978-3-031-19961-5
eBook Packages: Computer Science, Computer Science (R0)