Security metrics to improve information security management
Details
Serval ID
serval:BIB_32B2F634FF95
Type
Inproceedings: an article in a conference proceedings.
Collection
Publications
Institution
Title
Security metrics to improve information security management
Title of the conference
Proceedings of 6th Annual Security Conference
Address
Las Vegas, Nevada, USA
Publication state
Published
Issued date
04/2007
Peer-reviewed
Oui
Language
english
Abstract
The concept of security metrics is a very important aspect for information security management. Security metrics are tools to facilitate decision making and to improve performance and accountability. The aim of information security is to ensure business continuity and minimise business damage by preventing and minimising the impact of security incidents. In that way security is not only a technical matter. In a security metrics generation perspective, organizations must take into consideration all information security dimensions including technical, organizational, human and conformity aspects in order to be competitive whilst providing stakeholders detailed information about the complete structure of the organizations’ information security and risk treatment processes. This paper discusses ways to identify the right metrics to measure security preparedness and awareness within an organization.
Keywords
Information Security, Risk assessment, Security metrics, Security management efficiency, ISO 27001 and ISO 17799 standards
Create date
05/02/2008 11:12
Last modification date
20/08/2019 13:18