| Field | Value |
|---|---|
| Publication type | Conference paper |
| Type of review | Peer review (publication) |
| Title | Progress in Guttman scaling of IT security objectives |
| Authors | Mock, Ralf Günter |
| Proceedings | Reliability, risk and safety : back to the future |
| Conference details | European Safety and Reliability Conference (ESREL 2010), Rhodes, Greece, 5-9 September 2010 |
| Publisher / Ed. Institution | Taylor & Francis |
| Place of publication | London |
| Subjects | Audit; Tool; IT security; Risk assessment |
| Subject (DDC) | 004: Computer science |
| Abstract | Business constraints usually result in heuristic and biased approaches to risk analysis, e.g. checklists, at IT-driven corporations. As a corporation's management will not accept complex or extensive mathematical approaches, the only way forward is to improve the questioning within the risk analysis framework. The paper follows the idea of Guttman scaling as presented at ESREL 2009: an FMEA structures the risk analysis approach, whereas the Code of Practice (ISO/IEC 27002) gives a limited set of recommendations with regard to Information Security (IS) management. Finally, Guttman scaling of questions about the fulfilment of these recommendations results in a ranked list of staggered IS management measures, i.e., the total fulfilment of an IS objective is expected to result in a low frequency of IS management failures. The paper describes the improvements and developments of Guttman scaling of IT security objectives. Progress has been made in re-wording and completing the list of Guttman questions with regard to ISO/IEC 27002. Special care was taken to enquire about only a single attribute per question. The statistical analysis of the final matrix of measures with regard to the Code's objectives uses hierarchical clustering methods, and the results are shown as dendrograms. The set of Guttman questions is further simplified in order to fit the business context. Experts at the computing centre of the University of Technology Zurich (HSZ-T) tested the reworked methodology in a case study. Pros and cons are discussed. |
| Fulltext version | Published version |
| License (according to publishing contract) | Licence according to publishing contract |
| Department | School of Engineering |
| Organisational Unit | Institute of Applied Information Technology (InIT) |
| Appears in collections | Publikationen School of Engineering |
Files in This Item:
There are no files associated with this item.
Mock, R. G., Kollmann, E., Ballhaus, C., & Aeschlimann, P. (2010). Progress in Guttman scaling of IT security objectives [Conference paper]. Reliability, Risk and Safety : Back to the Future, 522–529.