Relations among Security Metrics for Template Protection Algorithms

Many biometric template protection algorithms have been proposed mainly in two approaches: biometric feature transformation and biometric cryptosystem. Security evaluation of the proposed algorithms are often conducted in various inconsistent manner. Thus, it is strongly demanded to establish the common evaluation metrics for easier comparison among many algorithms. Simoens et al. and Nagar et al. proposed good metrics covering nearly all aspect of requirements expected for biometric template protection algorithms. One drawback of the two papers is that they are biased to experimental evaluation of security of biometric template protection algorithms. Therefore, it was still difficult mainly for algorithms in biometric cryptosystem to prove their security according to the proposed metrics. This paper will give a formal definitions for security metrics proposed by Simoens et al. and Nagar et al. so that it can be used for the evaluation of both of the two approaches. Further, this paper will discuss the relations among several notions of security metrics

Enterprise information security policy assessment - an extended framework for metrics development utilising the goal-question-metric approach

Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach