A Policy-Based Metrics Framework for Information Security Performance Measurement

2 Author(s)
Martin, C. ; Univ. of Ontario Inst. of Technol., Oshawa ; Refai, M.

In this article we propose a new approach to measure and monitor overall IT security performance. This approach is based on a policy-based framework that establishes a methodology to measure security performance; it also incorporates a policy performance indicator. The framework is composed of a number of interacting components: a security policies and procedures model, a business security goal and targets repository, a set of security measurement processes, a metrics development and analysis process, and a central metrics and measurement model. Lastly, a module derives an overall security posture, generates reports, detects trends, and develops recommendations. Our approach assists in determining the security posture of an organization, which is becoming a necessity for legal and regulatory compliance.

Published in:

Business-Driven IT Management, 2007. BDIM '07. 2nd IEEE/IFIP International Workshop on

Date of Conference:

21-21 May 2007