Service-Oriented Approach to Visualize IT Security Performance Metrics

  • Clemens Martin
  • Mustapha Refai
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 238)

Abstract

In this paper we propose a design for a metrics visualization system. Visualization is a key component in our Policy-Based Metrics Framework for Information Security Performance Measurement. To achieve openness and interoperability, we have based our approach on a Service-Oriented Architecture. The tight integration of a visualization component into our framework allows improved control of the metrics collection process, gives continuous access to security performance information, shows deviations between current data and set targets, and displays developing trends. Management is thus enabled to understand their business's security posture more thoroughly and is supported in their IT-security-related decision-making processes.

Keywords

Control Manager; Security Policy; Security Goal; Security Performance; Metrics Framework
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Clemens Martin (1)
  • Mustapha Refai (2)
  1. University of Ontario Institute of Technology, Canada
  2. University of Ontario Institute of Technology, Canada
