{"title":"Security level evaluation with F4SLE","authors":"M. Seeba, Tarmo Oja, M. Murumaa, Václav Stupka","doi":"10.1145/3600160.3605045","DOIUrl":null,"url":null,"abstract":"In the realm of security measurements, extensive efforts have been made to evaluate and compare security levels at the country level, resulting in various indices. However, there has been a dearth of evaluations focusing on the information security posture of individual organizations and simultaneously on state-level status evaluation. Such evaluations hold significant potential for providing valuable feedback on the security status of organizations and facilitating assessments and supportive data-driven focused interventions at a national level. This study leverages the Framework for Security Level Evaluation (F4SLE) and the developed tool, Measurement Application for Self-assessing Security (MASS), to collect data for the evaluation. The paper presents diverse options for interpreting the collected data and establishes the foundation for an ongoing cross-country study. The results encompass the analysis of organization-level data and offer insights into overall approaches to security across organizations. This study is a preliminary step toward a more comprehensive information security examination.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 18th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3600160.3605045","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
In the realm of security measurements, extensive efforts have been made to evaluate and compare security levels at the country level, resulting in various indices. However, there has been a dearth of evaluations focusing on the information security posture of individual organizations and simultaneously on state-level status evaluation. Such evaluations hold significant potential for providing valuable feedback on the security status of organizations and facilitating assessments and supportive data-driven focused interventions at a national level. This study leverages the Framework for Security Level Evaluation (F4SLE) and the developed tool, Measurement Application for Self-assessing Security (MASS), to collect data for the evaluation. The paper presents diverse options for interpreting the collected data and establishes the foundation for an ongoing cross-country study. The results encompass the analysis of organization-level data and offer insights into overall approaches to security across organizations. This study is a preliminary step toward a more comprehensive information security examination.