Systematic approaches to measuring security are needed in order to obtain evidence of the security performance of products or an organization. In this study we survey the emerging...
The importance of educating organizational end users about their roles and responsibilities towards information security is widely acknowledged. However, many current user educati...
Information security evaluation of software-intensive systems typically relies heavily on the experience of the security professionals. Obviously, automated approaches are needed ...
Legal regulations and industry standards require organizations to measure and maintain a specified IT-security level. Although several IT-security metrics approaches have been de...
IDS research still needs to strengthen mathematical foundations and theoretic guidelines. In this paper, we build a formal framework, based on information theory, for analyzing and...
Guofei Gu, Prahlad Fogla, David Dagon, Wenke Lee, ...