DOI: 10.1145/2383276.2383291
Research article, CompSysTech conference proceedings

Towards a security evaluation model based on security metrics

Published: 22 June 2012

Abstract

Methods for risk evaluation often involve subjective criteria, because the process is carried out by a risk analyst who is influenced by their own knowledge and experience. The purpose of this work is to bring objectivity to this process and to provide a discrete-scale evaluation of the implemented security controls. It produces results and a final score from a security-attribute point of view, that is, a quality ranking of confidentiality, integrity, availability, authenticity and non-repudiability within the organization. The assignment of security clauses from the ISO/IEC 27002:2005 standard to security attributes uses the Formal Concept Analysis method, which provides a summarized and clear object-attribute classification.
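The object-attribute classification the abstract refers to is a formal context: clauses (objects) against security attributes, from which Formal Concept Analysis derives the concept lattice. The following is an added illustration, not code or data from the paper: the clause-to-attribute cross table and the implementation levels are constructed, and the per-attribute aggregation in `attribute_scores` is an assumed scoring rule rather than the paper's model.

```python
import math
from itertools import combinations

# Constructed formal context (NOT the paper's data): ISO/IEC 27002-style
# clause names as objects, the five security attributes as attributes.
ATTRIBUTES = ("confidentiality", "integrity", "availability",
              "authenticity", "non-repudiability")
CONTEXT = {
    "Access control":         {"confidentiality", "integrity", "authenticity"},
    "Cryptographic controls": {"confidentiality", "integrity", "authenticity",
                               "non-repudiability"},
    "Backup":                 {"integrity", "availability"},
    "Logging and monitoring": {"integrity", "non-repudiability"},
    "Capacity management":    {"availability"},
}

def intent(objs, ctx=CONTEXT):
    """Derivation operator: attributes shared by every object in objs
    (the empty object set yields all attributes, as in standard FCA)."""
    objs = list(objs)
    if not objs:
        return set(ATTRIBUTES)
    return set.intersection(*(ctx[o] for o in objs))

def extent(attrs, ctx=CONTEXT):
    """Derivation operator: objects that carry every attribute in attrs."""
    return {o for o, a in ctx.items() if set(attrs) <= a}

def concepts(ctx=CONTEXT):
    """All formal concepts (extent, intent) of the context. Every intent is
    an intersection of object intents, so closing the intent of each object
    subset enumerates the whole lattice (fine for a small context)."""
    found = set()
    objs = list(ctx)
    for r in range(len(objs) + 1):
        for subset in combinations(objs, r):
            b = frozenset(intent(subset, ctx))   # closed attribute set
            a = frozenset(extent(b, ctx))        # its extent
            found.add((a, b))
    return sorted(found, key=lambda c: (len(c[0]), sorted(c[0])))

def attribute_scores(levels, ctx=CONTEXT):
    """Assumed aggregation (not the paper's): each clause has a discrete
    implementation level 0..3; an attribute's score is the mean level over
    the clauses in its extent, rounded half up back onto the 0..3 scale."""
    scores = {}
    for attr in ATTRIBUTES:
        ext = extent({attr}, ctx)
        mean = sum(levels[o] for o in ext) / len(ext) if ext else 0
        scores[attr] = math.floor(mean + 0.5)
    return scores
```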

Published In

CompSysTech '12: Proceedings of the 13th International Conference on Computer Systems and Technologies
June 2012, 440 pages
ISBN: 9781450311939
DOI: 10.1145/2383276

Publisher: Association for Computing Machinery, New York, NY, United States


Author Tags: formal concept analysis; information security; risk evaluation; security metrics; security model; security standards


Acceptance Rate: 241 of 492 submissions (49%)
