Logo des Repositoriums
 
Konferenzbeitrag

Towards solving the data problem in measurement of organizations’ security

Lade...
Vorschaubild

Volltext URI

Dokumententyp

Text/Conference Paper

Zusatzinformation

Datum

2008

Zeitschriftentitel

ISSN der Zeitschrift

Bandtitel

Verlag

Gesellschaft für Informatik e. V.

Zusammenfassung

Awareness of security has risen during the last years. As a result, the question of adequate protection against security risks increased, too. Management wants to decide whether and how to invest in this protection. As a result, quantitative statements about information-security risks are needed. Existing approaches in this domain either rely on guessed data or do not answer the question in a quantitative way. We think that this is due to the fact that no approach separates information that can be provided by a central organization (e.g. known attacks, available controls, and a control’s probability of protection) from information which must be provided individually (e.g. the controls installed). We have developed an approach that employs this separation and allows quantitative assessment of security with the help of a model. This model is presented here with a special look at the separation.

Beschreibung

Weiß, Steffen; Meyer-Wegener, Klaus (2008): Towards solving the data problem in measurement of organizations’ security. SICHERHEIT 2008 – Sicherheit, Schutz und Zuverlässigkeit. Beiträge der 4. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI). Bonn: Gesellschaft für Informatik e. V.. PISSN: 1617-5468. ISBN: 978-3-88579-222-2. pp. 461-472. Regular Research Papers. Saarbrücken. 2.- 4. April 2008

Schlagwörter

Zitierform

DOI

Tags