Talks and Poster Presentations (with Proceedings-Entry):
"Ontology-based Generation of IT-Security Metrics";
Talk: 25th ACM Symposium on Applied Computing (SAC 2010),
- 2010-03-26; in: "Proceedings of the 25th ACM Symposium on Applied Computing (SAC 2010)",
Legal regulations and industry standards require organizations to measure and maintain a specified IT-security level. Although several IT-security metrics approaches have been developed, a methodology for automatically generating ISO 27001-based IT-security metrics from concrete, organization-specific control implementation knowledge is missing. Building on the security ontology by Fenz et al., which includes information security domain knowledge and the structures needed to incorporate organization-specific facts into the ontology, this paper proposes a methodology for automatically generating ISO 27001-based IT-security metrics. The conducted validation has shown that the research results are a first step towards increasing the degree of automation in the field of IT-security metrics. Using the introduced methodology, organizations can evaluate their compliance with information security standards and, at the same time, the effectiveness of their control implementations.
Project Head: A Min Tjoa
Created from the Publication Database of the Vienna University of Technology.