Implementation of an IT security measurement method for the evaluation of IT security in micro-enterprises

Abstract

This paper presents a proposal for an application-oriented implementation of an existing multidimensional IT security measurement method. The result is a software tool (IT-Tool) which is used to measure the internal and external perspective on the IT security of an enterprise. The measured values are being classified with the help of a defined metric into different IT security levels. The aim of the self-measurement IT-Tool is to increase the IT security awareness of the enterprise by comparing the internal and external perspective as well as to derive concrete measures to improve the IT security of the enterprise. The entire IT security measurement method is based on the multiple German industry IT security framework conditions and is initially designed for craftwork micro-enterprises (1 – 9 employees). In addition, a suggestion for the evaluation of the tool presented here is described.