Towards a Measurement Framework for Security Risk Management


Executive Summary

Risk management is currently a key tool for managing Information System (IS) security. In the context of defining an IS Security Risk Management (ISSRM) modelling language, the authors have already defined the set of concepts and relationships that belong to the ISSRM domain in a UML class diagram. To extend this work and to support reasoning at the modelling-language level, the objective is now to define the metrics available. A systematic and iterative research method is proposed to determine suitable metrics. It consists, first, of applying the Goal-Question-Metric (GQM) approach to the domain model. Second, a review of the literature aims at completing and validating this first step.

  • Format: PDF
  • Size: 284 KB