Towards integration of risk-driven and evidence-driven information security measurement

机译：跨越风险驱动和证据驱动信息安全测量的整合

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Carefully designed information security metrics enable informed and effective decision making. However, the current state of the art of developing security metrics is not sufficiently advanced. A major challenge is that typically the risk-driven (top-down modelling) and evidence-driven (bottom-up monitoring) metrics approaches are not aligned, and often used separately. Consequently, it is not possible to understand the impact of monitored evidence to actual security risk. A crosscut model for risk-driven and evidence-driven security metrology is needed. We analyze the concepts needed to be able to integrate these two main approaches.

机译：精心设计的信息安全度量能够提供通知和有效的决策。然而，发展安全指标的当前状态不足以高达。主要挑战是通常，风险驱动（自上而下建模）和证据驱动（自下而上监测）度量方法未对齐，并且通常单独使用。因此，不可能了解监控证据对实际安全风险的影响。需要用于风险驱动和证据驱动的安全计量的横切模型。我们分析了能够整合这两种主要方法所需的概念。

著录项

来源
《IEEE International Conference on Application of Information and Communication Technologies》|2014年||共6页
会议地点
作者
Savola Reijo M.;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类通信;
关键词
decision making; security of data; bottom-up monitoring metrics; decision making; evidence-driven information security measurement; evidence-driven metrics; evidence-driven security metrology; information security metrics; risk-driven information security measurement; risk-driven metrics; risk-driven security metrology; top-down modelling metrics; Authentication; Measurement; Medical services; Monitoring; Sensors; Visualization; Security metrics; risk analysis; security monitoring;

机译：决策;数据安全;自下而上的监测指标;决策;证据驱动信息安全测量;证据驱动的指标;证据驱动的安全计量;信息安全指标;风险驱动信息安全测量;风险驱动的指标;风险驱动的指标;风险驱动的指标;风险驱动的指标;风险驱动的指标;风险驱动的指标;风险驱动的指标;风险驱动的指标;风险驱动的指标;风险驱动的指标;风险驱动的指标;风险驱动的安全计量;自上而下的建模度量;认证;测量;医疗服务;监测;传感器;可视化;安全指标;风险分析;安全监测;

相似文献

外文文献
中文文献
专利

1. Risk-driven security metrics for an Android smartphone application [J] . Reijo M. Savola, Markku Kylänpää, Habtamu Abie International Journal of Electronic Business . 2020,第4期

机译：Android智能手机应用程序的风险驱动安全指标
2. An information security risk-driven investment model for analysing human factors [J] . Reza Alavi, Shareeful Islam, Haralambos Mouratidis Information management & computer security . 2016,第2期

机译：信息安全风险驱动的人为因素分析投资模型
3. Risk-Driven Security Metrics in Agile Software Development - An Industrial Pilot Study [J] . Reijo M. Savola, Christian Frühwirth, Ari Pietik?inen Journal of Universal Computer Science . 2012,第12期

机译：敏捷软件开发中的风险驱动型安全指标-工业试验研究
4. Towards integration of risk-driven and evidence-driven information security measurement [C] . Savola Reijo M. IEEE International Conference on Application of Information and Communication Technologies . 2014

机译：致力于整合风险驱动和证据驱动的信息安全度量
5. Exploring Security Process Improvements for Integrating Security Tools within a Software Application Development Methodology [D] . Jose, Crispin R. 2020

机译：探索在软件应用程序开发方法中集成安全工具的安全过程改进
6. Risk-driven security testing using risk analysis with threat modeling approach [O] . Maragathavalli Palanivel, Kanmani Selvadurai -1

机译：使用风险分析和威胁建模方法进行风险驱动的安全测试
7. Towards Security Effectiveness Evaluation for Cloud Services Selection following a Risk-Driven Approach [O] . Sarah Maroc, Jian Biao 2020

机译：在风险驱动的方法之后，对云服务选择的安全效率评估

Towards integration of risk-driven and evidence-driven information security measurement

摘要

著录项

相似文献

相关主题

期刊订阅