Proceedings of the XXth Conference of Open Innovations Association FRUCT (Apr 2017)

The method of implementation of the numerical IT-Security metrics in management systems

  • Ilya Livshitz,
  • Pavel Lontsikh,
  • Sergey Eliseev

DOI: https://doi.org/10.23919/FRUCT.2017.8071318
Journal volume & issue: Vol. 776, no. 20, pp. 242–247

Abstract

This publication is motivated by the problem of obtaining reliable measurement results (estimates) of the effectiveness of IT-Security management systems (ISMS). Decision-makers must work with reliable ISMS measurement results that are based on objective quantitative IT-Security metrics. Known methods for evaluating safety systems are presented without regard to the PDCA cycle requirements and apart from the general requirements that apply directly to the ISMS. A study of the applicable standards (ISO, NIST, and GOST) and of current practice allowed us to propose an approach to substantiating a technique for forming IT-Security metrics that make it possible to assess the effectiveness of the ISMS numerically. The results can find practical application in the independent evaluation of the efficiency of the ISMS.

Keywords