Security level evaluation with F4SLE
Authors | |
---|---|
Year of publication | 2023 |
Type | Article in Proceedings |
Conference | ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security |
MU Faculty or unit | |
Citation | |
Doi | http://dx.doi.org/10.1145/3600160.3605045 |
Keywords | security; cybersecurity; certification and standardisation; security evaluation |
Description | In the realm of security measurements, extensive efforts have been made to evaluate and compare security levels at the country level, resulting in various indices. However, there has been a dearth of evaluations focusing on the information security posture of individual organizations and simultaneously on state-level status evaluation. Such evaluations hold significant potential for providing valuable feedback on the security status of organizations and facilitating assessments and supportive data-driven focused interventions at a national level. This study leverages the Framework for Security Level Evaluation (F4SLE) and the developed tool, Measurement Application for Self-assessing Security (MASS), to collect data for the evaluation. The paper presents diverse options for interpreting the collected data and establishes the foundation for an ongoing cross-country study. The results encompass the analysis of organization-level data and offer insights into overall approaches to security across organizations. This study is a preliminary step toward a more comprehensive information security examination. |
Related projects: |