A tool for security metrics modeling and visualization

Measuring the security level of an information system to acquire reliable perception of its state requires the use of various different security metrics that can provide extensive security evidence of the system. Visualization can then be used to facilitate the management of the security metrics and measurements and to enhance understanding on their relationships. This paper introduces a tool for modeling and monitoring the security state of a system and focuses on the visualization aspects of the tool. The security metrics of a system are organized hierarchically in the tool, so that more general and conceptual security metrics on the higher levels are connected to detailed, low-level measurements. The tool helps bring meaningfulness to the security metrics and helps the user be more aware of the security state of the system during runtime use of the tool. By having organized security evidence from high-level objectives to low-level measurements the user is able to act on the security incidents more proficiently