<p>IT security metrics are used to achieve an IT security assessment of certain parts of the IT security environment. There is neither a consensus of the definition of an IT security metric nor a natural scale type of the IT security. This makes the interpretation of the IT security difficult. To accomplish a comprehensive IT security assessment one must aggregate the IT security values to compounded values.</p><p>When developing IT security metrics it is important that permissible mathematical operations are made so that the information are maintained all the way through the metric. There is a need for a sound mathematical foundation for this matter.</p><p>The main results produced by the efforts in this thesis are:</p><p>• Identification of activities needed for IT security assessment when using IT security metrics.</p><p>• A method for selecting a set of security metrics in respect to goals and criteria, which also is used to</p><p>• Aggregate security values generated from a set of security metrics to compounded higher level security values.</p><p>• A mathematical foundation needed for development of security metrics.</p>
| Identifer | oai:union.ndltd.org:UPSALLA/oai:DiVA.org:liu-9766 |
| Date | January 2007 |
| Creators | Bengtsson, Mattias |
| Publisher | Linköping University, Department of Electrical Engineering, Institutionen för systemteknik |
| Source Sets | DiVA Archive at Upsalla University |
| Language | English |
| Detected Language | English |
| Type | Student thesis, text |
Page generated in 0.0025 seconds