A security metrics development method for software intensive systems

    Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

    2 Citations (Scopus)

    Abstract

    It is a widely accepted management principle that an activity cannot be managed well if it cannot be measured. Carefully designed security metrics can be used to offer evidence of the security behavior of the system under development or operation. We propose a systematic and holistic method for security metrics development for software intensive systems. The approach is security requirement-centric and threat and vulnerability-driven. The high-level security requirements are expressed in terms of lower-level measurable components applying a decomposition approach. Next, feasibility of the basic measurable components is investigated, and more detailed metrics developed based on selected components.
    Original language: English
    Title of host publication: Proceedings of the 3rd International Conference on Advances in Information Security and Its Application, ISA 2009
    Place of Publication: Heidelberg, Berlin
    Publisher: Springer
    Pages: 11-16
    ISBN (Print): 978-3-642-02632-4
    DOIs: https://doi.org/10.1007/978-3-642-02633-1_2
    Publication status: Published - 2009
    MoE publication type: A4 Article in a conference publication

    Publication series

    Series: Communications in Computer and Information Science
    Volume: 36

    Fingerprint

    Decomposition

    Cite this

    Savola, R. (2009). A security metrics development method for software intensive systems. In Proceedings of the 3rd International Conference on Advances in Information Security and Its Application, ISA 2009 (pp. 11-16). Heidelberg, Berlin: Springer. Communications in Computer and Information Science, Vol. 36. https://doi.org/10.1007/978-3-642-02633-1_2