IT security metrics are used to achieve an IT security assessment of certain parts of the IT security environment. There is neither a consensus on the definition of an IT security metric nor a natural scale type for IT security. This makes the interpretation of IT security difficult. To accomplish a comprehensive IT security assessment, one must aggregate the IT security values into compounded values. When developing IT security metrics, it is important that permissible mathematical operations are used so that the information is maintained all the way through the metric. There is a need for a sound mathematical foundation for this matter. The main results produced by the efforts in this thesis are:
• Identification of the activities needed for IT security assessment when using IT security metrics.
• A method for selecting a set of security metrics with respect to goals and criteria, which is also used to
• Aggregate security values generated from a set of security metrics into compounded higher-level security values.
• A mathematical foundation needed for the development of security metrics.
Identifier | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:liu-9766 |
Date | January 2007 |
Creators | Bengtsson, Mattias |
Publisher | Linköpings universitet, Institutionen för systemteknik, Institutionen för systemteknik |
Source Sets | DiVA Archive at Upsalla University |
Language | English |
Detected Language | English |
Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |