Abstract
In this paper we propose a design for a metrics visualization system. Visualization is a key component of our Policy-Based Metrics Framework for Information Security Performance Measurement. To achieve openness and interoperability, we have based our approach on a Service-Oriented Architecture. The tight integration of a visualization component into our framework allows improved control of the metrics collection process, gives continuous access to security performance information, shows deviations between current data and set targets, and displays developing trends. Management is thus able to understand the business's security posture more thoroughly and is supported in its IT security-related decision-making processes.
Please use the following format when citing this chapter: Martin, C. and Refai, M., 2007, in IFIP International Federation for Information Processing, Volume 238, Trust Management, eds. Etalle, S., Marsh, S., (Boston: Springer), pp. 403–406.
© 2007 International Federation for Information Processing
Cite this paper
Martin, C., Refai, M. (2007). Service-Oriented Approach to Visualize IT Security Performance Metrics. In: Etalle, S., Marsh, S. (eds) Trust Management. IFIPTM 2007. IFIP International Federation for Information Processing, vol 238. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-73655-6_27
DOI: https://doi.org/10.1007/978-0-387-73655-6_27
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-73654-9
Online ISBN: 978-0-387-73655-6
eBook Packages: Computer Science (R0)