Information Security Evaluation based on Requirements, Metrics and Evidence Information

Reijo Savola

    Research output: Chapter in Book/Report/Conference proceeding > Conference article in proceedings > Scientific > peer-review


    Information security assurance and evaluation of software-intensive systems typically relies heavily on the experience of security professionals. Automated approaches are clearly needed in this field. Unfortunately, there is no practical approach to carrying out security evaluation in a systematic way. We introduce an iterative process for security evaluation based on security requirements, metrics and evidence collection, and discuss its applicability to the design of security evaluation experimentation set-ups in real-world systems. In this approach, security requirements can be used to define the basis for security measurements. Furthermore, other kinds of security metrics and other security evidence can be used in security decision-making.
    Original language: English
    Title of host publication: Proceedings of the 6th Annual Security Conference 2007
    Place of publication: Washington, DC
    Number of pages: 13
    Publication status: Published - 2007
    MoE publication type: A4 Article in a conference publication
    Event: 6th Annual Security Conference 2007 - Las Vegas, NV, United States
    Duration: 11 Apr 2007 - 12 Apr 2007


    Conference: 6th Annual Security Conference 2007
    Country/Territory: United States
    City: Las Vegas, NV

