Aggregation of Security Metrics for Decision Making: A Reference Architecture

Ahmed, Y. and Naqvi, S. and Josephs, Mark (2018) Aggregation of Security Metrics for Decision Making: A Reference Architecture. In: 12th European Conference on Software Architecture: Companion Proceedings (ECSA 18), 24-28 September 2018, Madrid, Spain.

Full text not available from this repository. (Request a copy)


Existing security technologies play a significant role in protecting enterprise systems but they are no longer enough on their own given the number of successful cyberattacks against businesses and the sophistication of the tactics used by attackers to bypass the security defences. Security measurement is different to security monitoring in the sense that it provides a means to quantify the security of the systems while security monitoring helps in identifying abnormal events and does not measure the actual state of an infrastructure’s security. The goal of enterprise security metrics is to enable understanding of the overall security using measurements to guide decision making. In this paper we present a reference architecture for aggregating the measurement values from the different components of the system in order to enable stakeholders to see the overall security state of their enterprise systems and to assist with decision making. This will provide a newer dimension to security management by shifting from security monitoring to security measurement.

Item Type: Conference or Workshop Item (Paper)
19 July 2018Accepted
30 September 2018Published Online
Subjects: CAH11 - computing > CAH11-01 - computing > CAH11-01-01 - computer science
Divisions: Faculty of Computing, Engineering and the Built Environment > School of Computing and Digital Technology
Depositing User: Syed Naqvi
Date Deposited: 13 Aug 2018 14:07
Last Modified: 22 Mar 2023 12:01

Actions (login required)

View Item View Item


In this section...