Identification of basic measurable security components in software intensive systems

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

Abstract

Appropriate information security solutions for software-intensive systems, together with evidence of their security performance help to prevent serious consequences for businesses and the stakeholders. Security metrics can be used to offer this evidence. We investigate practical and holistic development of security metrics for software-intensive systems. Our approach is security requirement-centric. The high-level security requirements are expressed in terms of lower-level measurable components applying a decomposition approach. Detailed security metrics are developed based on the basic measurable components identified at the leaf level of the decomposition.
Original languageEnglish
Title of host publicationProceeedings of the ISSA 2009 Conference
Place of PublicationJohannesburg
PublisherUniversity of Pretoria
Pages69-80
ISBN (Print)978-1-86854-740-1
Publication statusPublished - 2009
MoE publication typeA4 Article in a conference publication
Event2009 Information Security South Africa, ISSA 2009 Conference - Johannesburg, South Africa
Duration: 6 Jul 20098 Jul 2009

Conference

Conference2009 Information Security South Africa, ISSA 2009 Conference
CountrySouth Africa
CityJohannesburg
Period6/07/098/07/09

Fingerprint

Decomposition
Security of data
Industry

Cite this

Savola, R. (2009). Identification of basic measurable security components in software intensive systems. In Proceeedings of the ISSA 2009 Conference (pp. 69-80). Johannesburg: University of Pretoria.
Savola, Reijo. / Identification of basic measurable security components in software intensive systems. Proceeedings of the ISSA 2009 Conference. Johannesburg : University of Pretoria, 2009. pp. 69-80
@inproceedings{ecf0e162d56345bf9e61ca26eee05a46,
title = "Identification of basic measurable security components in software intensive systems",
abstract = "Appropriate information security solutions for software-intensive systems, together with evidence of their security performance help to prevent serious consequences for businesses and the stakeholders. Security metrics can be used to offer this evidence. We investigate practical and holistic development of security metrics for software-intensive systems. Our approach is security requirement-centric. The high-level security requirements are expressed in terms of lower-level measurable components applying a decomposition approach. Detailed security metrics are developed based on the basic measurable components identified at the leaf level of the decomposition.",
author = "Reijo Savola",
year = "2009",
language = "English",
isbn = "978-1-86854-740-1",
pages = "69--80",
booktitle = "Proceeedings of the ISSA 2009 Conference",
publisher = "University of Pretoria",
address = "South Africa",

}

Savola, R 2009, Identification of basic measurable security components in software intensive systems. in Proceeedings of the ISSA 2009 Conference. University of Pretoria, Johannesburg, pp. 69-80, 2009 Information Security South Africa, ISSA 2009 Conference, Johannesburg, South Africa, 6/07/09.

Identification of basic measurable security components in software intensive systems. / Savola, Reijo.

Proceeedings of the ISSA 2009 Conference. Johannesburg : University of Pretoria, 2009. p. 69-80.

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

TY - GEN

T1 - Identification of basic measurable security components in software intensive systems

AU - Savola, Reijo

PY - 2009

Y1 - 2009

N2 - Appropriate information security solutions for software-intensive systems, together with evidence of their security performance help to prevent serious consequences for businesses and the stakeholders. Security metrics can be used to offer this evidence. We investigate practical and holistic development of security metrics for software-intensive systems. Our approach is security requirement-centric. The high-level security requirements are expressed in terms of lower-level measurable components applying a decomposition approach. Detailed security metrics are developed based on the basic measurable components identified at the leaf level of the decomposition.

AB - Appropriate information security solutions for software-intensive systems, together with evidence of their security performance help to prevent serious consequences for businesses and the stakeholders. Security metrics can be used to offer this evidence. We investigate practical and holistic development of security metrics for software-intensive systems. Our approach is security requirement-centric. The high-level security requirements are expressed in terms of lower-level measurable components applying a decomposition approach. Detailed security metrics are developed based on the basic measurable components identified at the leaf level of the decomposition.

M3 - Conference article in proceedings

SN - 978-1-86854-740-1

SP - 69

EP - 80

BT - Proceeedings of the ISSA 2009 Conference

PB - University of Pretoria

CY - Johannesburg

ER -

Savola R. Identification of basic measurable security components in software intensive systems. In Proceeedings of the ISSA 2009 Conference. Johannesburg: University of Pretoria. 2009. p. 69-80