TY - GEN
T1 - SoK
T2 - 15th International Conference on Availability, Reliability and Security, ARES 2020
AU - Diesch, Rainer
AU - Krcmar, Helmut
N1 - Publisher Copyright:
© 2020 ACM.
PY - 2020/8/25
Y1 - 2020/8/25
N2 - Information security metrics are used to measure the effectiveness of information security countermeasures. A large number of metrics and their technical nature create difficulties when generating reports for the information security management level of an organization. Managers struggle with the usefulness and clarity of the metrics because they are not linked to the security management goals. Also, responsible managers with no technical information security background struggle to understand the metrics. Therefore, this study uses a state-of-the-art literature analysis together with the Goal-Question-Metric approach to investigate linking technical security metrics to management success factors. This study enables management to design appropriate security reports for their organization and to direct the metrics toward goal-oriented decisions. Furthermore, the study invites future research by revealing areas in which security metrics do not exist, and encourages new solutions and studies that suggest a standardized information security dashboard.
KW - Goal-question-metric approach
KW - Information security metrics
KW - Security management success factors
KW - Systematic literature review
UR - http://www.scopus.com/inward/record.url?scp=85123042835&partnerID=8YFLogxK
U2 - 10.1145/3407023.3407059
DO - 10.1145/3407023.3407059
M3 - Conference contribution
AN - SCOPUS:85123042835
T3 - ACM International Conference Proceeding Series
BT - Proceedings of the 15th International Conference on Availability, Reliability and Security, ARES 2020
PB - Association for Computing Machinery
Y2 - 25 August 2020 through 28 August 2020
ER -