Security Excellence: Fusing Security Metrics into a Business Excellence Model

摘要

The European Foundation for Quality Management's Excellence Model is a highly recognized business framework that has been implemented in many European countries to achieve Business Excellence. It is a documented approach to determine the overall Total Quality Management (TQM) practices of an organization by assessing nine different criteria. Conversely, the US National Institute of Standards and Technology (NIST) has outlined a set of security metrics that are categorized into managerial, operational and technical controls that can be used to express the security posture of an organization. In this paper, we propose to integrate these two domains to produce a comprehensive security framework based on underlying TQM practices and principles. Hence, we have created security metrics that are more accurate in reflecting the holistic state of a business and all its important aspects including IT security aspects that were not formally considered before.