Title :
Collection of Quantitative Data on Security Incidents
Author :
Nowey, Thomas ; Federrath, Hannes
Author_Institution :
Dept. Manage. of Inf. Security, Regensburg Univ.
Abstract :
Quantitative data about security threats is a precondition for a precise assessment of security risks and consequently for an efficient management of information security. Currently such data is hardly available, especially for small and medium-sized organizations. In this paper we discuss different ways of gathering quantitative data and present a new approach for the collection of historical data on security incidents. We propose a platform that collects, aggregates and evaluates data on security incidents from multiple organizations. We identify basic requirements for such a platform and show approaches for satisfying them. We especially emphasize the aspects of security and fairness. Finally we introduce a prototype that shows how an implementation could look like
Keywords :
data analysis; risk management; security of data; historical data; information security management; quantitative data; security incidents; security risk assessment; security threats; Aggregates; Best practices; Data security; Information management; Information security; Investments; Prototypes; Quality management; Risk analysis; Risk management;
Conference_Titel :
Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
Conference_Location :
Vienna
Print_ISBN :
0-7695-2775-2
DOI :
10.1109/ARES.2007.57
