Systematically and carefully designed information security metrics can be used to provide evidence of the security solutions of the system under development. The lack of appropriate security solutions in software-intensive systems might have serious consequences for businesses and stakeholders. We investigate holistic development of security metrics based on security requirement decomposition and ontologies. The high-level security requirements are expressed in terms of lower-level measurable components by applying a decomposition approach. Security requirement analysis of a distributed messaging system is used as an example.
|Title of host publication||Proceedings of the 4th International Conference on Software and Data Technologies, ICSOFT 2009. Vol. 2|
|Publication status||Published - 2009|
|MoE publication type||A4 Article in a conference publication|
|Event||4th International Conference on Software and Data Technologies, ICSOFT - Sofia, Bulgaria. Duration: 26 Jul 2009 → 29 Jul 2009|
|Conference||4th International Conference on Software and Data Technologies, ICSOFT|
|Period||26/07/09 → 29/07/09|
Savola, R. (2009). Development of security metrics based on decomposition of security requirements and ontologies. In Proceedings of the 4th International Conference on Software and Data Technologies, ICSOFT 2009. Vol. 2 (pp. 171-174). INSTICC Press.