Quality of protection

Information security in the business setting has matured in the last few decades. Standards, such as IS017799, the Common Criteria’s, and a number of industry and academic certifications and risk analysis methodologies, have raised the bar on what is considered good security solution, from a business perspective. Yet, the evaluation of security solutions has largely a qualitative flavor. Notions such as Security Metrics, Quality of Protection (QoP) or Protection Level Agreement (PLA) have only surfaced in the literature. Quality of Protection: Security Measurements and Metrics is an edited volume based on the Quality of Protection Workshop at ESORICS 2005, the flagship European Symposium on Research in Computer Security. This book discusses how security research can progress towards a notion of quality of protection in security, comparable to the notion of quality of service in networking and software measurements and metrics, in empirical software engineering. Quality of Protection: Security Measurements and Metrics is designed for a professional audience, composed of researchers and practitioners in industry. This book is also suitable for graduate-level students in computer science and telecommunications.