- Article name
- The method of preparation the quantitative IT-security measures (Review)
- Authors
- Livshits I. I., Livshitz.il@yandex.ru, LLC "GasInformService", St.-Petersburg, Russia
- Keywords
- information security / information security management system / it-security metrics / standard / effectiveness assessment
- Year
- 2016 Issue 3 Pages 54 - 64
- Code EDN
- Code DOI
- Abstract
- This publication is relevant because it draws attention to the problem of obtaining reliable measurement (assessment) results for the effectiveness of IT-Security Management Systems (ISMS). Decision-makers need reliable results of ISMS effectiveness measurement, based on objective and transparent quantitative IT-Security metrics. A study of the applicable ISO and NIST standards and of existing practices made it possible to propose an approach to justifying the choice of IT-Security metrics. This approach allows ISMS effectiveness to be expressed numerically and provides a balance between the cost of implementation and the level of IT-Security defined by the decision-maker. The methodological basis for selecting IT-Security metrics is defined by the ISO 27001 series of standards, supplemented by the development of the theory of the "elite group". This basis allows ISMS effectiveness to be assessed using super-criteria and IT-Security metrics. The results can find practical application in the independent evaluation of an ISMS.