Ontology-Based Generation of IT-Security Metrics
Legal regulations and industry standards require organizations to measure and maintain a specified IT-security level. Although several IT-security metrics approaches have been developed, a methodology for automatically generating ISO 27001-based IT-security metrics from concrete, organization-specific control implementation knowledge is missing. Building on the security ontology by Fenz et al., which includes information security domain knowledge and the structures necessary to incorporate organization-specific facts into the ontology, this paper proposes a methodology for automatically generating ISO 27001-based IT-security metrics. The conducted validation has shown that the research results are a first step towards increasing the degree of automation in the field of IT-security metrics. Using the introduced methodology, organizations can evaluate their compliance with information security standards and, at the same time, evaluate the effectiveness of their control implementations.