
Towards a taxonomy for information security metrics

Published: 29 October 2007

Abstract

Systematic approaches to measuring security are needed in order to obtain evidence of the security performance of products or an organization. In this study we survey the emerging security metrics approaches from the academic, governmental and industrial perspectives and aim to bridge the gap between information security management and Information and Communication Technology (ICT) product security practices. If common metrics approaches between different security disciplines can be found, this will advance our holistic understanding and capabilities, both in management and engineering practices.



Published in: QoP '07: Proceedings of the 2007 ACM workshop on Quality of protection, October 2007, 64 pages. ISBN: 9781595938855. DOI: 10.1145/1314257

Publisher: Association for Computing Machinery, New York, NY, United States

Author Tags

  1. information assurance
  2. information security metrics
  3. network security
  4. security assurance
  5. software security

Conference: CCS07
Cited By

  • (2023) Towards the Creation of Interdisciplinary Consumer-Oriented Security Metrics. 2023 IEEE 20th Consumer Communications & Networking Conference (CCNC), 957-958. DOI: 10.1109/CCNC51644.2023.10060733. Online publication date: 8 Jan 2023
  • (2023) Technical performance metrics of a security operations center. Computers and Security, 135:C. DOI: 10.1016/j.cose.2023.103529. Online publication date: 1 Dec 2023
  • (2022) Metrics for Cyber-Physical Security: a call to action. 2022 International Symposium on Networks, Computers and Communications (ISNCC), 1-4. DOI: 10.1109/ISNCC55209.2022.9851735. Online publication date: 19 Jul 2022
  • (2022) Role of MD5 Message-Digest Algorithm for Providing Security to Low-Power Devices. 2022 6th International Conference on Intelligent Computing and Control Systems (ICICCS), 352-358. DOI: 10.1109/ICICCS53718.2022.9788249. Online publication date: 25 May 2022
  • (2022) Security Metrics and Applications for the Information and Communications Technology Industry. 2022 2nd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE), 480-486. DOI: 10.1109/ICACITE53722.2022.9823717. Online publication date: 28 Apr 2022
  • (2022) Security Metrics and Applications for the Information and Communications Technology Industry. 2022 2nd International Conference on Advance Computing and Innovative Technologies in Engineering (ICACITE), 518-524. DOI: 10.1109/ICACITE53722.2022.9823701. Online publication date: 28 Apr 2022
  • (2020) Security Operations Center: A Systematic Study and Open Challenges. IEEE Access, 8, 227756-227779. DOI: 10.1109/ACCESS.2020.3045514. Online publication date: 2020
  • (2020) Development of an Information Security Management Model for Enterprise Automated Systems. Advanced Information Networking and Applications, 1265-1277. DOI: 10.1007/978-3-030-44041-1_108. Online publication date: 28 Mar 2020
  • (2020) Aggregating Corporate Information Security Maturity Levels of Different Assets. Privacy and Identity Management. Data for Better Living: AI and Privacy, 376-392. DOI: 10.1007/978-3-030-42504-3_24. Online publication date: 6 Mar 2020
  • (2019) Designing Sound Security Metrics. International Journal of Systems and Software Security and Protection, 10:1, 1-21. DOI: 10.4018/IJSSSP.2019010101. Online publication date: Jan 2019
