A security metrics taxonomization model for software-intensive systems

Research output: Contribution to journal › Article › Scientific › peer-review

Abstract

We introduce a novel high-level security metrics objective taxonomization model for software-intensive systems. The model systematizes and organizes security metrics development activities. It focuses on the security level and security performance of technical systems while taking into account the alignment of metrics objectives with different business and other management goals. The model emphasizes the roles of security-enforcing mechanisms, the overall security quality of the system under investigation, and secure system lifecycle, project and business management. Security correctness, effectiveness and efficiency are seen as the fundamental measurement objectives, determining the directions for more detailed security metrics development. Integration of the proposed model with risk-driven security metrics development approaches is also discussed.
Original language: English
Pages (from-to): 197-206
Number of pages: 10
Journal: Journal of Information Processing Systems
Volume: 5
Issue number: 4
DOIs: 10.3745/JIPS.2009.5.4.197
Publication status: Published - 2009
MoE publication type: A1 Journal article-refereed

Cite this

@article{2260377f770a4f37981b2e765bbabe42,
title = "A security metrics taxonomization model for software-intensive systems",
abstract = "We introduce a novel high-level security metrics objective taxonomization model for software-intensive systems. The model systematizes and organizes security metrics development activities. It focuses on the security level and security performance of technical systems while taking into account the alignment of metrics objectives with different business and other management goals. The model emphasizes the roles of security-enforcing mechanisms, the overall security quality of the system under investigation, and secure system lifecycle, project and business management. Security correctness, effectiveness and efficiency are seen as the fundamental measurement objectives, determining the directions for more detailed security metrics development. Integration of the proposed model with risk-driven security metrics development approaches is also discussed.",
author = "Reijo Savola",
year = "2009",
doi = "10.3745/JIPS.2009.5.4.197",
language = "English",
volume = "5",
pages = "197--206",
journal = "Journal of Information Processing Systems",
issn = "1976-913X",
publisher = "Korea Information Processing Society (KIPS)",
number = "4",

}

A security metrics taxonomization model for software-intensive systems. / Savola, Reijo.

In: Journal of Information Processing Systems, Vol. 5, No. 4, 2009, p. 197-206.

TY - JOUR
T1 - A security metrics taxonomization model for software-intensive systems
AU - Savola, Reijo
PY - 2009
Y1 - 2009
N2 - We introduce a novel high-level security metrics objective taxonomization model for software-intensive systems. The model systematizes and organizes security metrics development activities. It focuses on the security level and security performance of technical systems while taking into account the alignment of metrics objectives with different business and other management goals. The model emphasizes the roles of security-enforcing mechanisms, the overall security quality of the system under investigation, and secure system lifecycle, project and business management. Security correctness, effectiveness and efficiency are seen as the fundamental measurement objectives, determining the directions for more detailed security metrics development. Integration of the proposed model with risk-driven security metrics development approaches is also discussed.
AB - We introduce a novel high-level security metrics objective taxonomization model for software-intensive systems. The model systematizes and organizes security metrics development activities. It focuses on the security level and security performance of technical systems while taking into account the alignment of metrics objectives with different business and other management goals. The model emphasizes the roles of security-enforcing mechanisms, the overall security quality of the system under investigation, and secure system lifecycle, project and business management. Security correctness, effectiveness and efficiency are seen as the fundamental measurement objectives, determining the directions for more detailed security metrics development. Integration of the proposed model with risk-driven security metrics development approaches is also discussed.
U2 - 10.3745/JIPS.2009.5.4.197
DO - 10.3745/JIPS.2009.5.4.197
M3 - Article
VL - 5
SP - 197
EP - 206
JO - Journal of Information Processing Systems
JF - Journal of Information Processing Systems
SN - 1976-913X
IS - 4
ER -