Towards integration of risk-driven and evidence-driven information security measurement

机译：致力于整合风险驱动和证据驱动的信息安全度量

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Carefully designed information security metrics enable informed and effective decision making. However, the current state of the art of developing security metrics is not sufficiently advanced. A major challenge is that typically the risk-driven (top-down modelling) and evidence-driven (bottom-up monitoring) metrics approaches are not aligned, and often used separately. Consequently, it is not possible to understand the impact of monitored evidence to actual security risk. A crosscut model for risk-driven and evidence-driven security metrology is needed. We analyze the concepts needed to be able to integrate these two main approaches.

机译：精心设计的信息安全指标可实现明智且有效的决策。但是，开发安全度量标准的当前技术水平还不够先进。一个主要的挑战是，通常风险驱动（自上而下的建模）和证据驱动（自下而上的监视）度量方法是不一致的，并且经常分开使用。因此，不可能了解受监视的证据对实际安全风险的影响。需要用于风险驱动和证据驱动的安全度量的横切模型。我们分析了能够集成这两种主要方法所需的概念。

著录项

来源
《IEEE International Conference on Application of Information and Communication Technologies》|2014年|1-6|共6页
会议地点
作者
Savola Reijo M.;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类
关键词
decision making; security of data; bottom-up monitoring metrics; decision making; evidence-driven information security measurement; evidence-driven metrics; evidence-driven security metrology; information security metrics; risk-driven information security measurement; risk-driven metrics; risk-driven security metrology; top-down modelling metrics; Authentication; Measurement; Medical services; Monitoring; Sensors; Visualization; Security metrics; risk analysis; security monitoring;

机译：决策;数据安全性;自下而上的监视指标;决策;证据驱动的信息安全度量;证据驱动的度量;证据驱动的安全度量;信息安全度量;风险驱动的信息安全度量;风险驱动的度量;风险驱动的安全度量;自上而下的建模指标;身份验证;测量;医疗服务;监控;传感器;可视化;安全指标;风险分析;安全监控;

相似文献

外文文献
中文文献
专利

1. Risk-driven security metrics for an Android smartphone application [J] . Reijo M. Savola, Markku Kylänpää, Habtamu Abie International Journal of Electronic Business . 2020,第4期

机译：Android智能手机应用程序的风险驱动安全指标
2. An information security risk-driven investment model for analysing human factors [J] . Reza Alavi, Shareeful Islam, Haralambos Mouratidis Information management & computer security . 2016,第2期

机译：信息安全风险驱动的人为因素分析投资模型
3. Risk-Driven Security Metrics in Agile Software Development - An Industrial Pilot Study [J] . Reijo M. Savola, Christian Frühwirth, Ari Pietik?inen Journal of Universal Computer Science . 2012,第12期

机译：敏捷软件开发中的风险驱动型安全指标-工业试验研究
4. Towards integration of risk-driven and evidence-driven information security measurement [C] . Savola Reijo M. IEEE International Conference on Application of Information and Communication Technologies . 2014

机译：朝向风险驱动和证据驱动信息安全测量的整合
5. Exploring Security Process Improvements for Integrating Security Tools within a Software Application Development Methodology [D] . Jose, Crispin R. 2020

机译：探索在软件应用程序开发方法中集成安全工具的安全过程改进
6. Risk-driven security testing using risk analysis with threat modeling approach [O] . Maragathavalli Palanivel, Kanmani Selvadurai -1

机译：使用风险分析和威胁建模方法进行风险驱动的安全测试
7. Towards Security Effectiveness Evaluation for Cloud Services Selection following a Risk-Driven Approach [O] . Sarah Maroc, Jian Biao 2020

机译：在风险驱动的方法之后，对云服务选择的安全效率评估

Towards integration of risk-driven and evidence-driven information security measurement

摘要

著录项

相似文献

相关主题

期刊订阅