Title
A Critical Survey of Security Indicator Approaches
Abstract
To better control IT security in software engineering and IT management, we need to assess security qualities in the different phases of a system's lifecycle. To this end, various security indicators, measures, and metrics have been proposed by scientists and practitioners, but few have gained general acceptance. We surveyed the current state of the art in qualitative and quantitative security measurement to characterize the available measurement strategies, their maturity, and the conceptual or technical obstacles preventing further progress in this field of research. We classified the proposed security indicators with respect to their characteristic properties and derived a classification tree delineating the different security assessment strategies and their derived security measures. Based on this overview, we analyzed the relative merits and deficiencies of current approaches, and we suggested future steps towards better security metrics. This paper summarizes the main results of our survey.
Year
2012
DOI
10.1109/ARES.2012.10
Venue
ARES
Keywords
available measurement strategy, it management, security indicator approaches, security measure, quantitative security measurement, critical survey, various security indicator, proposed security indicator, it security, better security metrics, security quality, different security assessment strategy, decision trees, software metrics
Field
Data mining, Security convergence, Security engineering, Computer science, Software security assurance, Computer security, Security service, Security information and event management, Information security audit, Computer security model, Security management
DocType
Conference
Citations
3
PageRank
0.43
References
0
Authors
2
Name | Order | Citations | PageRank
Manuel Rudolph | 1 | 13 | 2.74
Reinhard Schwarz | 2 | 3 | 0.77