Security Metrics for a Business Information System

The notion of security metrics is a very significant aspect of an Enterprise Information System (BIS). Information security metrics are often underused and in some cases overlooked, yet they could be a profitable instrument in building better enterprise security. This information helps measure the day-to-day impact and quality of current defenses and shows the quality of these functions across all business methodologies. This paper discusses an ASPIRE methodical approach to identifying the right metrics to measure security preparedness and to move toward a strong justification for information security investment and better enterprise outcomes.
