Abstract | ||
---|---|---|
Systematically managed, sufficient and credible security metrics increase the understanding of the security effectiveness level of software-intensive systems during the system development and operation. Risk-driven top-down modeling enables systematic and meaningful security metrics development. We propose six strategies for security measurement objective decomposition. Their focus is on metrics development for security correctness, software and system quality, partial security effectiveness, as well as security-related compliance and tradeoff decision-making. The proposed strategies integrate an abstract security effectiveness model, security measurement objectives, and the associated measurement points in relevant system components. Security effectiveness is emphasized in all strategies despite of other objectives. |
Year | DOI | Venue |
---|---|---|
2012 | 10.1109/ISSA.2012.6320434 | 2012 INFORMATION SECURITY FOR SOUTH AFRICA (ISSA) |
Keywords | Field | DocType |
security metrics, decomposition, security effectiveness, security correctness, system quality | Standard of Good Practice,Security testing,Computer science,Security engineering,Software security assurance,Computer security,Security service,Security information and event management,Information security audit,Computer security model | Conference |
Citations | PageRank | References |
4 | 0.59 | 12 |
Authors | ||
1 |
Name | Order | Citations | PageRank |
---|---|---|---|
Reijo Savola | 1 | 318 | 35.00 |