Information security evaluation of software-intensive systems typically relies heavily on the experience of the security professionals. Obviously, automated approaches are needed in this field. Unfortunately, there is no practical approach to carrying out security evaluation in a systematic way. We introduce a general-level holistic framework for security evaluation based on security behavior modeling and security evidence collection, and discuss its applicability to the design of security evaluation experimentation set-ups in real-world systems.
|Title of host publication||Advances in Information and Computer Security|
|Subtitle of host publication||First International Workshop on Security, IWSEC 2006, Kyoto, Japan, October 23-24, 2006. Proceedings|
|ISBN (Print)||3-540-47699-7, 978-3-540-47699-3|
|Publication status||Published - 2006|
|MoE publication type||A4 Article in a conference publication|
|Series||Lecture Notes in Computer Science|
Savola, R. (2006). A requirement centric framework for information security evaluation. In Advances in Information and Computer Security: First International Workshop on Security, IWSEC 2006, Kyoto, Japan, October 23-24, 2006. Proceedings (pp. 48-59). Springer. Lecture Notes in Computer Science, Vol.. 4266 https://doi.org/10.1007/11908739_4