Design and implementation of a framework for security metrics creation
Independent thesis Advanced level (professional degree), 20 credits / 30 HE credits
Student thesis
Alternative title
Konstruktion och användning av ett ramverk för säkerhetsmetriker (Swedish)
Measuring information security is the key to unlocking the knowledge of how secure information systems really are. In order to perform these measurements, security metrics can be used. Since all systems and organizations are different, there is no single set of metrics that is generally applicable. In order to help organizations create metrics, this thesis presents a metrics creation framework providing a structured way of creating the necessary metrics for any information system. The framework takes a high-level information security goal as input and transforms it into metrics by decomposing the goal into sub-goals that are then inserted into a template. The thesis also presents a set of metrics based on a minimum level of information security produced by the Swedish Emergency Management Agency. This set of metrics can be used to show compliance with the minimum level or as a base when a more extensive metrics program is created.
Place, publisher, year, edition, pages
2009. 138 p.
Information security, Metrics framework, Security assessment
Computer and Information Science
Identifiers
URN: urn:nbn:se:liu:diva-18217
ISRN: LITH-ISY-EX--09/4224--SE
OAI: oai:DiVA.org:liu-18217
DiVA: diva2:220476
2009-04-24, Systemet, Linköping University, 15:15 (English)
Hallberg, Jonas, Dr
Fåk, Viiveke, Associate Professor