Ontology-based generation of IT-security metrics

13 years 12 months ago

Download research.securityresearch.at

Legal regulations and industry standards require organizations to measure and maintain a speciﬁed IT-security level. Although several IT-security metrics approaches have been developed, a methodology for automatically generating ISO 27001-based IT-security metrics based on concrete organization-speciﬁc control implementation knowledge is missing. Based on the security ontology by Fenz et al., including information security domain knowledge and the necessary structures to incorporate organization-speciﬁc facts into the ontology, this paper proposes a methodology for automatically generating ISO 27001-based IT-security metrics. The conducted validation has shown that the research results are a ﬁrst step towards increasing the degree of automation in the ﬁeld of IT-security metrics. Using the introduced methodology, organizations are enabled to evaluate their compliance with information security standards, and to evaluate control implementations’ eﬀectiveness at the same ti...

Stefan Fenz

Real-time Traffic

27001-based It-security Metrics | Applied Computing | IT-security Metrics | IT-security Metrics Approaches | SAC 2010 |

claim paper

Post Info
More Details (n/a)

Added	17 May 2010
Updated	17 May 2010
Type	Conference
Year	2010
Where	SAC
Authors	Stefan Fenz

Comments (0)

Sciweavers

Ontology-based generation of IT-security metrics

27001-based It-security Metrics | Applied Computing | IT-security Metrics | IT-security Metrics Approaches | SAC 2010 |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers