Towards Quantification of Information System Security
Quantification is a highly successful paradigm in many technical and engineering disciplines. Security quantification is the representation and analysis of information security in a quantitative manner. The exponential growth of information technology and the prospect of increased public access to computing, communications, and storage resources have made these systems more vulnerable to attacks. The need to protect these systems is fueling the need to quantify security metrics in order to determine the exact level of security assurance. This paper presents a quantitative framework based on the Fuzzy Analytic Hierarchy Process (FAHP) to quantify the security performance of an information system.
Keywords: Information system; Security metrics; Fuzzy analytic hierarchy process
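To make the FAHP idea concrete, the following is an added illustration, not the paper's framework: it applies Buckley's fuzzy geometric-mean variant of the Analytic Hierarchy Process to weight a few security criteria from pairwise judgements expressed as triangular fuzzy numbers, checks the judgements for consistency with Saaty's consistency ratio, and folds measured per-criterion scores into a single security score. The criteria names, the judgements, the metric values and the Buckley/centroid defuzzification choice are all assumptions made for this example.

```python
"""
Added illustration (not the paper's framework): a small fuzzy AHP based on
Buckley's fuzzy geometric mean.  Pairwise judgements are triangular fuzzy
numbers (l, m, u); weights are defuzzified by centroid and normalised; the
modal (m-value) matrix is checked with Saaty's consistency ratio.
"""
from math import prod

# Saaty's random-index values used for the consistency ratio (n = 1..6).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12, 6: 1.24}


def reciprocal(tfn):
    """Inverse of a triangular fuzzy number: (l, m, u) -> (1/u, 1/m, 1/l)."""
    l, m, u = tfn
    return (1.0 / u, 1.0 / m, 1.0 / l)


def fuzzy_matrix(criteria, judgements):
    """
    Build the full n x n fuzzy comparison matrix.
    judgements: {(a, b): (l, m, u)} meaning 'a is (l, m, u) times as important
    as b'; only one direction per pair is needed, the reciprocal is derived.
    """
    n = len(criteria)
    matrix = [[(1.0, 1.0, 1.0)] * n for _ in range(n)]
    for i, a in enumerate(criteria):
        for j, b in enumerate(criteria):
            if i == j:
                continue
            if (a, b) in judgements:
                matrix[i][j] = judgements[(a, b)]
            elif (b, a) in judgements:
                matrix[i][j] = reciprocal(judgements[(b, a)])
            else:
                raise ValueError(f"missing judgement for {a!r} vs {b!r}")
    return matrix


def fuzzy_geometric_mean(row):
    """Component-wise n-th root of the product of a row of fuzzy numbers."""
    n = len(row)
    return tuple(prod(t[k] for t in row) ** (1.0 / n) for k in range(3))


def fuzzy_ahp_weights(criteria, judgements):
    """Crisp, normalised criterion weights via Buckley's method."""
    rows = [fuzzy_geometric_mean(r) for r in fuzzy_matrix(criteria, judgements)]
    sum_l = sum(t[0] for t in rows)
    sum_m = sum(t[1] for t in rows)
    sum_u = sum(t[2] for t in rows)
    # w_i = r_i (x) (sum of r)^-1, i.e. (l_i/sum_u, m_i/sum_m, u_i/sum_l)
    fuzzy_w = [(l / sum_u, m / sum_m, u / sum_l) for (l, m, u) in rows]
    crisp = [sum(t) / 3.0 for t in fuzzy_w]          # centroid defuzzification
    total = sum(crisp)
    return {c: w / total for c, w in zip(criteria, crisp)}


def consistency_ratio(criteria, judgements):
    """Saaty consistency ratio of the modal matrix; below 0.10 is conventionally acceptable."""
    n = len(criteria)
    crisp = [[t[1] for t in row] for row in fuzzy_matrix(criteria, judgements)]
    gm = [prod(row) ** (1.0 / n) for row in crisp]
    w = [g / sum(gm) for g in gm]
    # lambda_max estimated from (A w)_i / w_i averaged over the rows
    lam = sum(sum(crisp[i][j] * w[j] for j in range(n)) / w[i] for i in range(n)) / n
    ci = (lam - n) / (n - 1) if n > 1 else 0.0
    return ci / RANDOM_INDEX[n] if RANDOM_INDEX[n] else 0.0


def security_score(weights, metric_scores):
    """Weighted sum of per-criterion scores, each already normalised to [0, 1]."""
    for c, s in metric_scores.items():
        if not 0.0 <= s <= 1.0:
            raise ValueError(f"score for {c!r} must lie in [0, 1], got {s}")
    return sum(weights[c] * metric_scores[c] for c in weights)


# Constructed sample (hypothetical criteria and judgements, not from the paper).
# Fuzzy Saaty scale used: (2,3,4) ~ moderately more important,
# (4,5,6) ~ strongly more important.
CRITERIA = ["access control", "patch management", "monitoring"]
JUDGEMENTS = {
    ("access control", "patch management"): (2.0, 3.0, 4.0),
    ("access control", "monitoring"): (4.0, 5.0, 6.0),
    ("patch management", "monitoring"): (2.0, 3.0, 4.0),
}
# Constructed per-criterion measurements already scaled to [0, 1].
METRICS = {"access control": 0.8, "patch management": 0.5, "monitoring": 0.6}

if __name__ == "__main__":
    cr = consistency_ratio(CRITERIA, JUDGEMENTS)
    print(f"consistency ratio: {cr:.3f} ({'ok' if cr < 0.10 else 'revisit judgements'})")
    weights = fuzzy_ahp_weights(CRITERIA, JUDGEMENTS)
    for c, w in weights.items():
        print(f"{c:18s} weight {w:.3f}")
    print(f"overall security score: {security_score(weights, METRICS):.3f}")
```

The consistency ratio is worth reporting before trusting the weights: a panel of judgements that is internally contradictory still produces a number, so the check is what separates a defensible score from an arbitrary one. The final score is only as meaningful as the normalisation of the underlying metrics, which this example takes as given.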