A Modern Approach on Information Security Measurement

Humpert-Vrielink, Frederik; Vrielink, Nina

doi:10.1007/978-3-658-00333-3_5

Cited by 3 publications

(3 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…-IT-security process oriented approach; Humpert-Vrielink and Vrielink (2012) proposed to view on the information security costs from IT and Security points of view. Author categorize costs into 4 groups such as: costs for tool, consulting costs, costs for operation and costs of risk.…”

Section: -The Security Measure Life-cycle Approach;mentioning

confidence: 99%

Controls-Based Approach for Evaluation of Information Security Standards Implementation Costs

Olifer

Goranin

Kačeniauskas

et al. 2017

Technological and Economic Development of Economy

View full text Add to dashboard Cite

According to the PricewaterhouseCoopers analysis, the average cost of a single information security and data protections breaches has increased twice during 2015 (Pricewaterhouse Coopers 2015). Amount of organizations who reported serious breach has also risen (from 9% in 2015 to 17% in 2016) (PricewaterhouseCoopers 2016). To achieve their goals criminals are using different techniques starting from Social engineering (phishing, whaling) and finishing with malware execution (such as ransomware) on target machines. Recent attacks (attack on Central Bank of Bangladesh, fraud attack on Mattel CEO and attack on Thailand state-run Government bank ATM) show, that criminals are very well organized, equipped and spend a lot of money and time to prepare their attacks. To protect themselves organizations are required to ensure security in depth principles and implement complex Security solutions, which are able to ensure the needed level of information security in appropriate costs. However, information security cost-benefits assessment is complicated, because of lack of structured cost-benefit methods and issues with comparing IT security solutions in light of prevailing uncertainties. Existing methods are oriented on processes, environment lifecycles or specific standard implementations. Because of that, existing methods do not cover all needed security areas and methods reusability is a complicated task. Trying to solve this issue, we have proposed a new method for information standards implementation costs evaluation, based on information security controls.

show abstract

Section: -The Security Measure Life-cycle Approach;mentioning

confidence: 99%

Controls-Based Approach for Evaluation of Information Security Standards Implementation Costs

Olifer

Goranin

Kačeniauskas

et al. 2017

Technological and Economic Development of Economy

View full text Add to dashboard Cite

show abstract

“…Most organisations do not have adequate tools or training to verify whether their organisation's practices are compliant with recommended guidelines [ 14 ]. Furthermore, organisations are also faced with a dilemma of how to ensure comprehensive measurement throughout the organisation and prove the effectiveness of the entire ISMS [ 15 ]. Since information security is a complex and multidimensional system with an enormous scope and volume of relevant data, ISec professionals are often overwhelmed and unable to develop effective assessment processes [ 16 ].…”

Section: Introductionmentioning

confidence: 99%

“…Since information security is a complex and multidimensional system with an enormous scope and volume of relevant data, ISec professionals are often overwhelmed and unable to develop effective assessment processes [ 16 ]. Hence, security managers mostly focus on technical goals and controls, while only few are capable of performing comprehensive multidimensional ISMS assessments down to the last level [ 15 , 17 ].…”

Section: Introductionmentioning

confidence: 99%

A real-world information security performance assessment using a multidimensional socio-technical approach

2020

View full text Add to dashboard Cite

Measuring the performance of information security is an essential part of the information security management system within organisations. Studies in the past mainly focused on establishing qualitative measurement approaches. Since these can lead to ambiguous conclusions, quantitative metrics are being increasingly proposed as a useful alternative. Nevertheless, the literature on quantitative approaches remains scarce. Thus, studies on the evaluation of information security performance are challenging, especially since many approaches are not tested in organisational settings. The paper aims to validate the model used for evaluating the performance of information security management system through a multidimensional socio-technical approach, in a real-world settings among medium-sized enterprises in Slovenia. The results indicate that information security is strategically defined and compliant, however, measures are primarily implemented at technical and operational levels, while its strategic management remains underdeveloped. We found that the biggest issues are related to information resources and risk management, where information security measurement-related activities proved to be particularly problematic. Even though enterprises do possess certain information security capabilities and are aware of the importance of information security, their current practices make it difficult for them to keep up with the fast-paced technological and security trends.

show abstract

Automation of harmonization, analysis and evaluation of information security requirements

Olifer¹

2019

View full text Add to dashboard Cite

A Modern Approach on Information Security Measurement

Cited by 3 publications

References 0 publications

Controls-Based Approach for Evaluation of Information Security Standards Implementation Costs

Controls-Based Approach for Evaluation of Information Security Standards Implementation Costs

A real-world information security performance assessment using a multidimensional socio-technical approach

Automation of harmonization, analysis and evaluation of information security requirements

Contact Info

Product

Resources

About