A Conceptual Model for a Metric Based Framework for the Monitoring of Information Security Tasks’ Efficiency

2019
Sönmez, Ferda Özdemir
Information Security Governance Systems are not adequate to measure the effectiveness and efficiency of security tasks for the enterprises. Although some of the systems offer ways for measurement, they still need the definition of measurement objectives and metrics. This study proposes a conceptual framework model which has human and tool/process related metrics. This system also allows the collection of evidence data for security-related tasks and ways to motivate the security staff to provide a more productive environment. This system may be applied to any size of enterprise independent of its business domain or functions as long as the aim is to improve the effectiveness and efficiency of security-related tasks. (C) 2019 The Authors. Published by Elsevier B.V.

Suggestions

A Decision Support System for Optimal Selection of Enterprise Information Security Preventative Actions
Sonmez, Ferda Ozdemir; Günel Kılıç, Banu (2021-09-01)
Types and complexity of information security related vulnerabilities are growing rapidly and present numerous challenges to the enterprises. One of the key challenges is to identify the optimal set of precautions with limited budget. Despite the fact that majority of enterprises have a budget constraint for installing and maintaining the protection systems, the majority of the previous work only focus on prioritization of security targets and do not consider the preventative actions and budget constraints. ...
An assessment model for web-based information system effectiveness
Tokdemir, Gül; Bilgen, Semih; Department of Information Systems (2009)
Information System (IS) effectiveness assessment is an important issue for the organizations as IS have become critical for their survival. With the incorporation of Internet technologies into the business environment, it is now more difficult to measure IS effectiveness, because Internet provides a borderless, non-stop, flexible communication medium. Assessing the effectiveness of web-based information systems (WIS) is vital for survival and competitive advantage which is a complicated subject since there ...
An approach for defensive information warfare in the Turkish land forces command
Özcan, Fuzuli; Bilgen, Semih; Department of Information Systems (2002)
In this study, Information Warfare (IW) and Information System (IS) security concept in the Turkish Land Forces Command (TLFC) are investigated. An approach that will enhance the success for a secure Information System to alleviate experienced risks is proposed. Starting with the general overview of the literature about IW and IS security, the relation between the concepts, the future, advantages and disadvantages of security development approaches, and the requirements for security are reviewed. Then the spe...
A Survey about the integration of social engineering attacks with cyber security exploiting Turkish vulnerabilities in Turkey
Tosun, Adem; Baykal, Nazife; Department of Information Systems (2015)
Many organizations have been seeking for comprehensive and applicable security policies to regulate their security aspects. As it is a well-known issue, the weakest link of chain in Cyber security is human being and it cannot be measured easily as its being intangible. Organizations may invest millions of dollars to build technically secure systems by installing high level trusted software programs or devices. History has shown that these kind of measures neither has been that much successful or effective i...
A framework based on continuous security monitoring
Ertürk, Volkan; Arifoğlu, Ali; Department of Information Systems (2008)
Continuous security monitoring is the process of following up the IT systems by collecting measurements, reporting and analysis of the results for comparing the security level of the organization on continuous time axis to see how organizational security is progressing in the course of time. In the related literature there is very limited work done to continuously monitor the security of the organizations. In this thesis, a continuous security monitoring framework based on security metrics is proposed. More...
Citation Formats
F. Ö. Sönmez, “A Conceptual Model for a Metric Based Framework for the Monitoring of Information Security Tasks’ Efficiency,” 2019, vol. 160, p. 181, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/58147.