Abstract
Appropriate information security solutions for software-intensive
systems, together with evidence of their security performance, help to prevent
serious consequences for businesses and the stakeholders. Security metrics
can be used to offer this evidence. We investigate practical and holistic
development of security metrics for software-intensive systems. Our approach
is security requirement-centric. The high-level security requirements are
expressed in terms of lower-level measurable components by applying a
decomposition approach. Detailed security metrics are developed based on the
basic measurable components identified at the leaf level of the decomposition.
Original language | English |
---|---|
Title of host publication | Proceedings of the ISSA 2009 Conference |
Place of Publication | Johannesburg |
Publisher | University of Pretoria |
Pages | 69-80 |
ISBN (Print) | 978-1-86854-740-1 |
Publication status | Published - 2009 |
MoE publication type | A4 Article in a conference publication |
Event | 2009 Information Security South Africa, ISSA 2009 Conference - Johannesburg, South Africa; Duration: 6 Jul 2009 → 8 Jul 2009 |
Conference
Conference | 2009 Information Security South Africa, ISSA 2009 Conference |
---|---|
Country/Territory | South Africa |
City | Johannesburg |
Period | 6/07/09 → 8/07/09 |