用于评估组织IT安全性的安全度量

Proceedings of the 8th International Conference on Theory and Practice of Electronic Governance Pub Date : 2014-10-27 DOI:10.1145/2691195.2691275

T. Pereira, Henrique M. Dinis Santos

{"title":"用于评估组织IT安全性的安全度量","authors":"T. Pereira, Henrique M. Dinis Santos","doi":"10.1145/2691195.2691275","DOIUrl":null,"url":null,"abstract":"Organizations have moved their business activity to the Internet and mobile applications, which make them more exposed to unexpected and underestimated security risks. This fact requires organizations to implement adequate security controls as well as the respective monitoring and evaluation on a regular basis. However, these tasks require strong arguments (in monetary terms) to justify the return of investment in the security controls. In this context, it is crucial for organizations to define metrics to assess the efficiency of the implemented controls, to justify the security investments. This paper highlights some reflections regarding the definition of meaningful metrics of security controls, to deliver actionable information for decision makers for managing their organizational assets and ensure their day-to-day operations.","PeriodicalId":352305,"journal":{"name":"Proceedings of the 8th International Conference on Theory and Practice of Electronic Governance","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-10-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Security metrics to evaluate organizational IT security\",\"authors\":\"T. Pereira, Henrique M. Dinis Santos\",\"doi\":\"10.1145/2691195.2691275\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Organizations have moved their business activity to the Internet and mobile applications, which make them more exposed to unexpected and underestimated security risks. This fact requires organizations to implement adequate security controls as well as the respective monitoring and evaluation on a regular basis. However, these tasks require strong arguments (in monetary terms) to justify the return of investment in the security controls. In this context, it is crucial for organizations to define metrics to assess the efficiency of the implemented controls, to justify the security investments. This paper highlights some reflections regarding the definition of meaningful metrics of security controls, to deliver actionable information for decision makers for managing their organizational assets and ensure their day-to-day operations.\",\"PeriodicalId\":352305,\"journal\":{\"name\":\"Proceedings of the 8th International Conference on Theory and Practice of Electronic Governance\",\"volume\":\"29 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2014-10-27\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 8th International Conference on Theory and Practice of Electronic Governance\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2691195.2691275\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 8th International Conference on Theory and Practice of Electronic Governance","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2691195.2691275","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

企业已经将他们的业务活动转移到互联网和移动应用程序上，这使得他们更多地暴露在意想不到的和被低估的安全风险之下。这一事实要求组织实施充分的安全控制，并在定期的基础上进行相应的监控和评估。然而，这些任务需要强有力的论据(在货币方面)来证明对安全控制的投资回报是合理的。在这种情况下，组织定义度量来评估实现控制的效率，以证明安全投资的合理性是至关重要的。本文强调了关于安全控制的有意义度量的定义的一些反思，为决策者提供可操作的信息，以管理他们的组织资产并确保他们的日常操作。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Security metrics to evaluate organizational IT security

Organizations have moved their business activity to the Internet and mobile applications, which make them more exposed to unexpected and underestimated security risks. This fact requires organizations to implement adequate security controls as well as the respective monitoring and evaluation on a regular basis. However, these tasks require strong arguments (in monetary terms) to justify the return of investment in the security controls. In this context, it is crucial for organizations to define metrics to assess the efficiency of the implemented controls, to justify the security investments. This paper highlights some reflections regarding the definition of meaningful metrics of security controls, to deliver actionable information for decision makers for managing their organizational assets and ensure their day-to-day operations.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 8th International Conference on Theory and Practice of Electronic Governance

自引率

0.00%

发文量