Technical Security Metrics Model in Compliance with ISO/IEC 27001 Standard
Technical security metrics provide measurements in ensuring the effectiveness of technical security controls or technology devices/objects that are used in protecting the information systems. However, lack of understanding and method to develop the technical security metrics may lead to unachievable...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
2012
|
| Subjects: | |
| Online Access: | http://eprints.utem.edu.my/id/eprint/9484/1/Azuwa_Publication_Journal.pdf http://eprints.utem.edu.my/id/eprint/9484/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Universiti Teknikal Malaysia Melaka |
| Language: | English |
| id |
my.utem.eprints.9484 |
|---|---|
| record_format |
eprints |
| spelling |
my.utem.eprints.94842015-05-28T04:04:22Z http://eprints.utem.edu.my/id/eprint/9484/ Technical Security Metrics Model in Compliance with ISO/IEC 27001 Standard M.P. Azuwa, Azuwa Ahmad, Rabiah Sahib, Sharin ZA4050 Electronic information resources Technical security metrics provide measurements in ensuring the effectiveness of technical security controls or technology devices/objects that are used in protecting the information systems. However, lack of understanding and method to develop the technical security metrics may lead to unachievable security control objectives and inefficient implementation. This paper proposes a model of technical security metrics to measure the effectiveness of network security management. The measurement is based on the security performance for (1) network security controls such as firewall, Intrusion Detection Prevention System (IDPS), switch, wireless access point and network architecture; and (2) network services such as Hypertext Transfer Protocol Secure (HTTPS) and virtual private network (VPN). The methodology used is Plan-Do-Check-Act process model. The proposed technical security metrics provide guidance for organizations in complying with requirements of ISO/IEC 27001 Information Security Management System (ISMS) standard. The proposed model should also be able to provide a comprehensive measurement and guide to use ISO/IEC 27004 ISMS Measurement standard. 2012 Article PeerReviewed application/pdf en http://eprints.utem.edu.my/id/eprint/9484/1/Azuwa_Publication_Journal.pdf M.P. Azuwa, Azuwa and Ahmad, Rabiah and Sahib, Sharin (2012) Technical Security Metrics Model in Compliance with ISO/IEC 27001 Standard. International Journal of Cyber-Security and Digital Forensics, 1. pp. 280-288. ISSN 23050012 |
| institution |
Universiti Teknikal Malaysia Melaka |
| building |
UTEM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Teknikal Malaysia Melaka |
| content_source |
UTEM Institutional Repository |
| url_provider |
http://eprints.utem.edu.my/ |
| language |
English |
| topic |
ZA4050 Electronic information resources |
| spellingShingle |
ZA4050 Electronic information resources M.P. Azuwa, Azuwa Ahmad, Rabiah Sahib, Sharin Technical Security Metrics Model in Compliance with ISO/IEC 27001 Standard |
| description |
Technical security metrics provide measurements in ensuring the effectiveness of technical security controls or technology devices/objects that are used in protecting the information systems. However, lack of understanding and method to develop the technical security metrics may lead to unachievable security control objectives and inefficient implementation. This paper proposes a model of technical security metrics to measure the effectiveness of network security management. The measurement is based on the security performance for (1) network security controls such as firewall, Intrusion Detection Prevention System (IDPS), switch, wireless access point and network architecture; and (2) network services such as Hypertext Transfer Protocol Secure (HTTPS) and virtual private network (VPN). The methodology used is Plan-Do-Check-Act process model. The proposed technical security metrics provide guidance for organizations in complying with requirements of ISO/IEC 27001 Information Security Management System (ISMS) standard. The proposed model should also be able to provide a comprehensive measurement and guide to use ISO/IEC 27004 ISMS Measurement standard. |
| format |
Article |
| author |
M.P. Azuwa, Azuwa Ahmad, Rabiah Sahib, Sharin |
| author_facet |
M.P. Azuwa, Azuwa Ahmad, Rabiah Sahib, Sharin |
| author_sort |
M.P. Azuwa, Azuwa |
| title |
Technical Security Metrics Model in Compliance with ISO/IEC 27001 Standard |
| title_short |
Technical Security Metrics Model in Compliance with ISO/IEC 27001 Standard |
| title_full |
Technical Security Metrics Model in Compliance with ISO/IEC 27001 Standard |
| title_fullStr |
Technical Security Metrics Model in Compliance with ISO/IEC 27001 Standard |
| title_full_unstemmed |
Technical Security Metrics Model in Compliance with ISO/IEC 27001 Standard |
| title_sort |
technical security metrics model in compliance with iso/iec 27001 standard |
| publishDate |
2012 |
| url |
http://eprints.utem.edu.my/id/eprint/9484/1/Azuwa_Publication_Journal.pdf http://eprints.utem.edu.my/id/eprint/9484/ |
| _version_ |
1665905402629324800 |