Ontology-Based Generation of IT-Security Metrics
Publication
Legal regulations and industry standards require organizations to measure and maintain a specified IT-security level. Although several IT-security metrics approaches have been developed, a methodology for automatically generating ISO 27001-based IT-security metrics based on concrete organization-specific control implementation knowledge is missing. Based on the security ontology by Fenz et al., including information security domain knowledge and the necessary structures to incorporate organization-specific facts into the ontology, this paper proposes a methodology for automatically generating ISO 27001-based IT-security metrics. The conducted validation has shown that the research results are a first step towards increasing the degree of automation in the field of IT-security metrics. Using the introduced methodology, organizations are enabled to evaluate their compliance with information security standards, and to evaluate control implementations‘ effectiveness at the same time.
Tags In
Kategorien
Schlagwörter
Agribusiness
AURUM
BITCRIME
Building Planning
City Planning
Climate change
CO2
Compliance Management
Corporate Social Responsibility (CSR)
CSRMAP
Digital Farming
e-Health
ECOCITIES
Energy Efficiency
Energy Efficiency Directive (EED)
Energy Simulation
European Commission
farming.software
Glossary
IT Security
Landwirtschaft
Privacy
Pseudonymization
Risk Management
Semantic Web
SEMERGY
Smart farming
Sustainability