Home // ICNS 2012, The Eighth International Conference on Networking and Services // View article
Authors:
Reijo Savola
Teemu Kanstrén
Heimo Pentikäinen
Petri Jurmu
Mauri Myllyaho
Kimmo Hätönen
Keywords: Security; metrics; monitoring; risk analysis
Abstract:
Practical measurement of information security of telecoms services is a remarkable challenge because of the lack of applicable generic tools and methods, the difficult-to-predict nature of security risks, the complexity of the systems, and the low observability of security issues in them. We discuss our experiences in utilizing a risk-driven methodology and associated measurement architecture in a practical case study. Effectiveness and efficiency are of main interest to stakeholders responsible for security. We note, however, that security configuration correctness and compliance with requirements are, in practice, the core objectives from an operational perspective. For these objectives there is more evidence available and it is easier to attain it. Our findings in this case study show a need for a wide range of security metrics to offer sufficient evidence of the design, implementation, and deployment of security controls. The case study also shows how visualization tools can be used efficiently to support the management of collections of these metrics.
Pages: 134 to 142
Copyright: Copyright (c) IARIA, 2012
Publication date: March 25, 2012
Published in: conference
ISSN: 2308-4006
ISBN: 978-1-61208-186-1
Location: St. Maarten, The Netherlands Antilles
Dates: from March 25, 2012 to March 30, 2012