A requirement centric framework for information security evaluation

    Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

    2 Citations (Scopus)

    Abstract

    Information security evaluation of software-intensive systems typically relies heavily on the experience of the security professionals. Obviously, automated approaches are needed in this field. Unfortunately, there is no practical approach to carrying out security evaluation in a systematic way. We introduce a general-level holistic framework for security evaluation based on security behavior modeling and security evidence collection, and discuss its applicability to the design of security evaluation experimentation set-ups in real-world systems.
    Original languageEnglish
    Title of host publicationAdvances in Information and Computer Security
    Subtitle of host publicationFirst International Workshop on Security, IWSEC 2006, Kyoto, Japan, October 23-24, 2006. Proceedings
    PublisherSpringer
    Pages48-59
    ISBN (Electronic)978-3-540-47700-6
    ISBN (Print)3-540-47699-7, 978-3-540-47699-3
    DOIs
    Publication statusPublished - 2006
    MoE publication typeA4 Article in a conference publication

    Publication series

    SeriesLecture Notes in Computer Science
    Volume4266
    ISSN0302-9743

    Fingerprint Dive into the research topics of 'A requirement centric framework for information security evaluation'. Together they form a unique fingerprint.

  • Cite this

    Savola, R. (2006). A requirement centric framework for information security evaluation. In Advances in Information and Computer Security: First International Workshop on Security, IWSEC 2006, Kyoto, Japan, October 23-24, 2006. Proceedings (pp. 48-59). Springer. Lecture Notes in Computer Science, Vol.. 4266 https://doi.org/10.1007/11908739_4