

Talks and poster presentations (with proceedings entry):

S. Fenz:
"Ontology-based Generation of IT-Security Metrics";
Talk: 25th ACM Symposium on Applied Computing (SAC 2010), Sierre, Switzerland; 22.03.2010 - 26.03.2010; in: "Proceedings of the 25th ACM Symposium on Applied Computing (SAC 2010)", ACM, (2010), ISBN: 978-1-60558-638-0; pp. 1833 - 1839.



English abstract:
Legal regulations and industry standards require organizations to measure and maintain a specified IT-security level. Although several IT-security metrics approaches have been developed, a methodology for automatically generating ISO 27001-based IT-security metrics based on concrete organization-specific control implementation knowledge is missing. Based on the security ontology by Fenz et al., including information security domain knowledge and the necessary structures to incorporate organization-specific facts into the ontology, this paper proposes a methodology for automatically generating ISO 27001-based IT-security metrics. The conducted validation has shown that the research results are a first step towards increasing the degree of automation in the field of IT-security metrics. Using the introduced methodology, organizations are enabled to evaluate their compliance with information security standards, and to evaluate control implementations' effectiveness at the same time.


"Official" electronic version of the publication (according to its Digital Object Identifier - DOI)
http://dx.doi.org/10.1145/1774088.1774478

Electronic version of the publication:
http://publik.tuwien.ac.at/files/PubDat_185912.pdf



Associated projects:
Project lead A Min Tjoa:
Security Ontologies