Infonnation Systems security evaluation is a sine qua non requirement for effective IT security management, as well as for establishing trust among different but cooperating business partners. This paper initially provides a critical review of traditionally applied evaluation and certification schemes. Based upon this review, the paper stresses the need for an approach that is quantitative in nature and can address the problem of IS operational security. Then, such an approach is presented, mainly based on an existing complex of models (CEISOQ) for evaluating IS operation quality. It is argued that there are certain benefits if this approach is applied in combination with the traditional qualitative ones.
CITATION STYLE
Gritzalis, D., Karyda, M., & Gymnopoulos, L. (2002). Elaborating quantitative approaches for it security evaluation. In IFIP Advances in Information and Communication Technology (Vol. 86, p. 67). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-0-387-35586-3_5
Mendeley helps you to discover research relevant for your work.