Mathematical foundation needed for development of IT security metrics
Independent thesis Basic level (professional degree), 20 points / 30 hpStudent thesis
IT security metrics are used to achieve an IT security assessment of certain parts of the IT security environment. There is neither a consensus of the definition of an IT security metric nor a natural scale type of the IT security. This makes the interpretation of the IT security difficult. To accomplish a comprehensive IT security assessment one must aggregate the IT security values to compounded values.
When developing IT security metrics it is important that permissible mathematical operations are made so that the information are maintained all the way through the metric. There is a need for a sound mathematical foundation for this matter.
The main results produced by the efforts in this thesis are:
• Identification of activities needed for IT security assessment when using IT security metrics.
• A method for selecting a set of security metrics in respect to goals and criteria, which also is used to
• Aggregate security values generated from a set of security metrics to compounded higher level security values.
• A mathematical foundation needed for development of security metrics.
Place, publisher, year, edition, pages
Institutionen för systemteknik , 2007. , 90 p.
IT security, metrics, mathematics, aggregation, interpretation, assessment
IdentifiersURN: urn:nbn:se:liu:diva-9766ISRN: LiTH-ISY-EX--07/4001--SEOAI: oai:DiVA.org:liu-9766DiVA: diva2:24144
2007-09-10, Algoritmen, B-huset, 10:15