A security metrics taxonomization model for software-intensive systems

    Research output: Contribution to journal, Article, Scientific, peer-review

    Abstract

    We introduce a novel high-level security metrics objective taxonomization model for software-intensive systems. The model systematizes and organizes security metrics development activities. It focuses on the security level and security performance of technical systems while taking into account the alignment of metrics objectives with different business and other management goals. The model emphasizes the roles of security-enforcing mechanisms, the overall security quality of the system under investigation, and secure system lifecycle, project and business management. Security correctness, effectiveness and efficiency are seen as the fundamental measurement objectives, determining the directions for more detailed security metrics development. Integration of the proposed model with risk-driven security metrics development approaches is also discussed.
    Original language: English
    Pages (from-to): 197-206
    Number of pages: 10
    Journal: Journal of Information Processing Systems
    Volume: 5
    Issue number: 4
    Publication status: Published - 2009
    MoE publication type: A1 Journal article-refereed
