
SAC
2010
ACM

Ontology-based generation of IT-security metrics

Legal regulations and industry standards require organizations to measure and maintain a specified IT-security level. Although several IT-security metrics approaches have been developed, there is no methodology for automatically generating ISO 27001-based IT-security metrics from concrete, organization-specific knowledge about how controls are implemented. Building on the security ontology by Fenz et al., which provides information security domain knowledge together with the structures needed to incorporate organization-specific facts into the ontology, this paper proposes a methodology for automatically generating ISO 27001-based IT-security metrics. The validation conducted shows that the results are a first step towards a higher degree of automation in the field of IT-security metrics. With the introduced methodology, organizations can evaluate their compliance with information security standards and, at the same ti...
Added 17 May 2010
Updated 17 May 2010
Type Conference
Authors Stefan Fenz