Security metrics to improve information security management

Details

Serval ID
serval:BIB_32B2F634FF95
Type
Conference proceedings (part): original contribution to the scientific literature, published on the occasion of scientific conferences, in a proceedings volume, or in a special issue of a recognized journal (conference proceedings).
Collection
Publications
Institution
Title
Security metrics to improve information security management
Conference title
Proceedings of 6th Annual Security Conference
Authors
Tashi I., Ghernaouti-Hélie S.
Address
Las Vegas, Nevada, USA
Editorial status
Published
Publication date
04/2007
Peer-reviewed
Yes
Language
English
Abstract
The concept of security metrics is a very important aspect for information security management. Security metrics are tools to facilitate decision making and to improve performance and accountability. The aim of information security is to ensure business continuity and minimise business damage by preventing and minimising the impact of security incidents. In that way security is not only a technical matter. In a security metrics generation perspective, organizations must take into consideration all information security dimensions including technical, organizational, human and conformity aspects in order to be competitive whilst providing stakeholders detailed information about the complete structure of the organizations’ information security and risk treatment processes. This paper discusses ways to identify the right metrics to measure security preparedness and awareness within an organization.
Keywords
Information Security, Risk assessment, Security metrics, Security management efficiency, ISO 27001 and ISO 17799 standards
Record created
05/02/2008 11:12
Record last modified
20/08/2019 13:18