DocumentCode
2415131
Title
Collection of Quantitative Data on Security Incidents
Author
Nowey, Thomas ; Federrath, Hannes
Author_Institution
Dept. Manage. of Inf. Security, Regensburg Univ.
fYear
2007
fDate
10-13 April 2007
Firstpage
325
Lastpage
334
Abstract
Quantitative data about security threats is a precondition for a precise assessment of security risks and consequently for an efficient management of information security. Currently such data is hardly available, especially for small and medium-sized organizations. In this paper we discuss different ways of gathering quantitative data and present a new approach for the collection of historical data on security incidents. We propose a platform that collects, aggregates and evaluates data on security incidents from multiple organizations. We identify basic requirements for such a platform and show approaches for satisfying them. We especially emphasize the aspects of security and fairness. Finally we introduce a prototype that shows what an implementation could look like.
Keywords
data analysis; risk management; security of data; historical data; information security management; quantitative data; security incidents; security risk assessment; security threats; Aggregates; Best practices; Data security; Information management; Information security; Investments; Prototypes; Quality management; Risk analysis; Risk management;
fLanguage
English
Publisher
ieee
Conference_Titel
Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
Conference_Location
Vienna
Print_ISBN
0-7695-2775-2
Type
conf
DOI
10.1109/ARES.2007.57
Filename
4159820