This is an Open Access publication published under CSC-OpenAccess Policy.
Measuring Information Security: Understanding And Selecting Appropriate Metrics
Perpétus Jacques Houngbo, Joël Toyigbé Hounsou
Pages - 108 - 120 | Revised - 31-03-2015 | Published - 30-04-2015
Volume - 9 Issue - 2 | Publication Date - March / April 2015
KEYWORDS
Information Quality, Measurement, Metric, Performance.
ABSTRACT
Thanks to the many newspaper reports about data leaks, advocating for information security is no longer that difficult. On the practical side, however, information security professionals usually have a tough time when they must demonstrate the value of information security to their organizations; they have so many metrics at hand that making the right selection is far from obvious. This paper is about understanding the metrics that are available and discussing how to use them in some specific less developed economies.
Mr. Perpétus Jacques Houngbo
Institut de Mathématiques et de Sciences Physiques (IMSP) - Benin
jacques.houngbo@auriane-etudes.com
Dr. Joël Toyigbé Hounsou
Institut de Mathématiques et de Sciences Physiques (IMSP) Dangbo, Benin - Benin