Inproceedings: an article in a conference proceedings.
Security metrics to improve information security management
Title of the conference
Proceedings of 6th Annual Security Conference
Las Vegas, Nevada, USA
The concept of security metrics is a very important aspect for information security management. Security metrics are tools to facilitate decision making and to improve performance and accountability. The aim of information security is to ensure business continuity and minimise business damage by preventing and minimising the impact of security incidents. In that way security is not only a technical matter. In a security metrics generation perspective, organizations must take into consideration all information security dimensions including technical, organizational, human and conformity aspects in order to be competitive whilst providing stakeholders detailed information about the complete structure of the organizations’ information security and risk treatment processes. This paper discusses ways to identify the right metrics to measure security preparedness and awareness within an organization.
Information Security, Risk assessment, Security metrics, Security management efficiency, ISO 27001 and ISO 17799 standards
Last modification date