Abstract
Measuring the security of an Information System has become a critical issue in the era of Information Technology. As with any other process, security cannot be improved if it cannot be measured. Security metrics are therefore needed to assess the current security status. Since all systems and organizations are different, there is no single set of metrics that is generally applicable. This paper presents an algorithm to develop the necessary security metrics for assessing the information system in a structured way, and a quantitative evaluation model with qualitative decisions based on the Analytic Hierarchy Process (AHP) to measure the security level of the Information System. Finally, a test case is given to illustrate the algorithm and the effectiveness of this model.
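The following is an added illustration, not code from the paper, of how the AHP step named in the abstract can turn pairwise judgements on security metric categories into weights, check those judgements for consistency, and roll normalised metric scores up into one security level. The three criteria, the judgement matrix and the metric scores are constructed assumptions; the random-index table is Saaty's.

```python
"""Added example: AHP weighting of security metrics with a consistency check.
The criteria, pairwise judgements and metric scores below are constructed
assumptions, not the paper's data or algorithm."""

# Saaty's random consistency index by matrix order n (used for CR = CI / RI).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}

# Constructed pairwise judgements on Saaty's 1-9 scale for three criteria:
# access control, patch management, logging/monitoring (row i compared to column j).
JUDGEMENTS = [[1.0, 2.0, 6.0],
              [1 / 2, 1.0, 3.0],
              [1 / 6, 1 / 3, 1.0]]
# Constructed per-criterion metric scores, already normalised to [0, 1].
METRIC_SCORES = [0.8, 0.5, 0.9]

def ahp_priorities(matrix, iterations=100):
    """Priority weights (principal eigenvector) and lambda_max by power iteration."""
    n = len(matrix)
    w = [1.0 / n] * n
    for _ in range(iterations):
        aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(aw)
        w = [x / total for x in aw]          # keep the weights summing to 1
    aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    return w, lambda_max

def consistency_ratio(matrix):
    """CR = CI / RI with CI = (lambda_max - n) / (n - 1); CR > 0.1 means revise the judgements."""
    n = len(matrix)
    if n <= 2:
        return 0.0                           # 1x1 and 2x2 matrices are always consistent
    _, lambda_max = ahp_priorities(matrix)
    return ((lambda_max - n) / (n - 1)) / RANDOM_INDEX[n]

def security_level(matrix, scores, max_cr=0.1):
    """Weighted aggregate security level in [0, 1]; refuses inconsistent judgements."""
    cr = consistency_ratio(matrix)
    if cr > max_cr:
        raise ValueError(f"pairwise judgements inconsistent (CR={cr:.2f} > {max_cr})")
    weights, _ = ahp_priorities(matrix)
    return sum(w * s for w, s in zip(weights, scores))

if __name__ == "__main__":
    weights, _ = ahp_priorities(JUDGEMENTS)
    print("weights:", [round(w, 3) for w in weights])                            # [0.6, 0.3, 0.1]
    print("security level:", round(security_level(JUDGEMENTS, METRIC_SCORES), 3))  # 0.72
```

A cyclic judgement set (A preferred to B, B to C, C to A) produces a CR far above 0.1, so the roll-up refuses it rather than reporting a meaningless score.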
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Thalia, S., Tuteja, A., Dutta, M. (2011). An Algorithm Design to Evaluate the Security Level of an Information System. In: Das, V.V., Stephen, J., Chaba, Y. (eds) Computer Networks and Information Technologies. CNC 2011. Communications in Computer and Information Science, vol 142. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-19542-6_12
DOI: https://doi.org/10.1007/978-3-642-19542-6_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-19541-9
Online ISBN: 978-3-642-19542-6