A security metrics development method for software intensive systems

Reijo Savola

doi:10.1007/978-3-642-02633-1_2

A security metrics development method for software intensive systems

Reijo Savola

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

6 Citations (Scopus)

Abstract

It is a widely accepted management principle that an activity cannot be managed well if it cannot be measured. Carefully designed security metrics can be used to offer evidence of the security behavior of the system under development or operation. We propose a systematic and holistic method for security metrics development for software intensive systems. The approach is security requirement-centric and threat and vulnerability-driven. The high-level security requirements are expressed in terms of lower-level measurable components applying a decomposition approach. Next, feasibility of the basic measurable components is investigated, and more detailed metrics developed based on selected components.

Original language	English
Title of host publication	Proceedings of the 3rd International Conference on Advances in Information Security and Its Application, ISA 2009
Place of Publication	Heidelberg, Berlin
Publisher	Springer
Pages	11-16
ISBN (Print)	978-3-642-02632-4
DOIs	https://doi.org/10.1007/978-3-642-02633-1_2
Publication status	Published - 2009
MoE publication type	A4 Article in a conference publication

Publication series

Series	Communications in Computer and Information Science
Volume	36

Access to Document

10.1007/978-3-642-02633-1_2

Cite this

@inproceedings{17b8d3f1bbfe4115995e24a7ccafd871,

title = "A security metrics development method for software intensive systems",

abstract = "It is a widely accepted management principle that an activity cannot be managed well if it cannot be measured. Carefully designed security metrics can be used to offer evidence of the security behavior of the system under development or operation. We propose a systematic and holistic method for security metrics development for software intensive systems. The approach is security requirement-centric and threat and vulnerability-driven. The high-level security requirements are expressed in terms of lower-level measurable components applying a decomposition approach. Next, feasibility of the basic measurable components is investigated, and more detailed metrics developed based on selected components.",

author = "Reijo Savola",

year = "2009",

doi = "10.1007/978-3-642-02633-1_2",

language = "English",

isbn = "978-3-642-02632-4",

series = "Communications in Computer and Information Science",

publisher = "Springer",

pages = "11--16",

booktitle = "Proceedings of the 3rd International Conference on Advances in Information Security and Its Application, ISA 2009",

address = "Germany",

}

A security metrics development method for software intensive systems. / Savola, Reijo.
Proceedings of the 3rd International Conference on Advances in Information Security and Its Application, ISA 2009. Heidelberg, Berlin: Springer, 2009. p. 11-16 (Communications in Computer and Information Science, Vol. 36).

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

TY - GEN

T1 - A security metrics development method for software intensive systems

AU - Savola, Reijo

PY - 2009

Y1 - 2009

N2 - It is a widely accepted management principle that an activity cannot be managed well if it cannot be measured. Carefully designed security metrics can be used to offer evidence of the security behavior of the system under development or operation. We propose a systematic and holistic method for security metrics development for software intensive systems. The approach is security requirement-centric and threat and vulnerability-driven. The high-level security requirements are expressed in terms of lower-level measurable components applying a decomposition approach. Next, feasibility of the basic measurable components is investigated, and more detailed metrics developed based on selected components.

AB - It is a widely accepted management principle that an activity cannot be managed well if it cannot be measured. Carefully designed security metrics can be used to offer evidence of the security behavior of the system under development or operation. We propose a systematic and holistic method for security metrics development for software intensive systems. The approach is security requirement-centric and threat and vulnerability-driven. The high-level security requirements are expressed in terms of lower-level measurable components applying a decomposition approach. Next, feasibility of the basic measurable components is investigated, and more detailed metrics developed based on selected components.

U2 - 10.1007/978-3-642-02633-1_2

DO - 10.1007/978-3-642-02633-1_2

M3 - Conference article in proceedings

SN - 978-3-642-02632-4

T3 - Communications in Computer and Information Science

SP - 11

EP - 16

BT - Proceedings of the 3rd International Conference on Advances in Information Security and Its Application, ISA 2009

PB - Springer

CY - Heidelberg, Berlin

ER -

A security metrics development method for software intensive systems

Abstract

Publication series

Access to Document

Fingerprint

Cite this