Security level evaluation with F4SLE

Warning

This publication doesn't include Faculty of Economics and Administration. It includes Faculty of Informatics. Official publication website can be found on muni.cz.
Authors

SEEBA Mari OJA Tarmo MURUMAA Maria Pibilota STUPKA Václav

Year of publication 2023
Type Article in Proceedings
Conference ARES '23: Proceedings of the 18th International Conference on Availability, Reliability and Security
MU Faculty or unit

Faculty of Informatics

Citation
Doi http://dx.doi.org/10.1145/3600160.3605045
Keywords security; cybersecurity; certification and standardisation; security evaluation
Description In the realm of security measurements, extensive efforts have been made to evaluate and compare security levels at the country level, resulting in various indices. However, there has been a dearth of evaluations focusing on the information security posture of individual organizations and simultaneously on state-level status evaluation. Such evaluations hold significant potential for providing valuable feedback on the security status of organizations and facilitating assessments and supportive data-driven focused interventions at a national level. This study leverages the Framework for Security Level Evaluation (F4SLE) and the developed tool, Measurement Application for Self-assessing Security (MASS), to collect data for the evaluation. The paper presents diverse options for interpreting the collected data and establishes the foundation for an ongoing cross-country study. The results encompass the analysis of organization-level data and offer insights into overall approaches to security across organizations. This study is a preliminary step toward a more comprehensive information security examination.
Related projects:

You are running an old browser version. We recommend updating your browser to its latest version.