A security metrics development method for software intensive systems

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-reviewed

2 Citations (Scopus)

Abstract

It is a widely accepted management principle that an activity cannot be managed well if it cannot be measured. Carefully designed security metrics can be used to offer evidence of the security behavior of a system under development or in operation. We propose a systematic and holistic method for security metrics development for software intensive systems. The approach is security requirement-centric and threat and vulnerability-driven. The high-level security requirements are expressed in terms of lower-level measurable components using a decomposition approach. Next, the feasibility of the basic measurable components is investigated, and more detailed metrics are developed based on the selected components.
Original language: English
Title of host publication: Proceedings of the 3rd International Conference on Advances in Information Security and Its Application, ISA 2009
Place of publication: Heidelberg, Berlin
Publisher: Springer
Pages: 11-16
ISBN (Print): 978-3-642-02632-4
DOI: 10.1007/978-3-642-02633-1_2
Publication status: Published - 2009
MoE publication type: A4 Article in a conference publication

Publication series

Name: Communications in Computer and Information Science (CCIS)
Publisher: Springer
Volume: 36

Cite this

Savola, R. (2009). A security metrics development method for software intensive systems. In Proceedings of the 3rd International Conference on Advances in Information Security and Its Application, ISA 2009 (pp. 11-16). Heidelberg, Berlin: Springer. Communications in Computer and Information Science, Vol. 36. https://doi.org/10.1007/978-3-642-02633-1_2