Abstract
We introduce a novel high-level security metrics objective
taxonomization model for software-intensive systems. The model
systematizes and organizes security metrics development activities. It
focuses on the security level and security performance of technical
systems while taking into account the alignment of metrics objectives
with different business and other management goals. The model emphasizes
the roles of security-enforcing mechanisms, the overall security
quality of the system under investigation, and secure system lifecycle,
project and business management. Security correctness, effectiveness and
efficiency are seen as the fundamental measurement objectives,
determining the directions for more detailed security metrics
development. Integration of the proposed model with risk-driven security
metrics development approaches is also discussed.
Original language | English |
---|---|
Pages (from-to) | 197-206 |
Number of pages | 10 |
Journal | Journal of Information Processing Systems |
Volume | 5 |
Issue number | 4 |
DOIs | |
Publication status | Published - 2009 |
MoE publication type | A1 Journal article-refereed |