On the feasibility of utilizing security metrics in software-intensive systems

Research output: Contribution to journal › Article › Scientific › peer-review

Abstract

Security measurement of software-intensive systems is an emerging field, rapidly gaining momentum. Well-designed security metrics offer credible and sufficient evidence of security level and performance for security decision-making. In this study, we introduce a novel security metrics feasibility validation approach, consisting of validation criteria and an associated validation process that takes into account the used measurement approaches and the use of security metrics. The approach is based on the identification of needs for and challenges in using security metrics, and the identification of good properties of security metrics from related work.
Original language: English
Pages (from-to): 230-239
Number of pages: 10
Journal: International Journal of Computer Science and Network Security
Volume: 10
Issue number: 1
Publication status: Published - 2010
MoE publication type: A1 Journal article-refereed

Keywords

  • Security metrics
  • security measurement
  • feasibility
  • security engineering
  • software engineering

Cite this

@article{d3bd028ef8704b199e23ef24ecb9f012,
title = "On the feasibility of utilizing security metrics in software-intensive systems",
abstract = "Security measurement of software-intensive systems is an emerging field, rapidly gaining momentum. Well-designed security metrics offer credible and sufficient evidence of security level and performance for security decision-making. In this study, we introduce a novel security metrics feasibility validation approach, consisting of validation criteria and an associated validation process that takes into account the used measurement approaches and the use of security metrics. The approach is based on the identification of needs for and challenges in using security metrics, and the identification of good properties of security metrics from related work.",
keywords = "Security metrics, security measurement, feasibility, security engineering, software engineering",
author = "Reijo Savola",
year = "2010",
language = "English",
volume = "10",
pages = "230--239",
journal = "International Journal of Computer Science and Network Security",
issn = "1738-7906",
number = "1",

}

On the feasibility of utilizing security metrics in software-intensive systems. / Savola, Reijo.

In: International Journal of Computer Science and Network Security, Vol. 10, No. 1, 2010, p. 230-239.

TY - JOUR

T1 - On the feasibility of utilizing security metrics in software-intensive systems

AU - Savola, Reijo

PY - 2010

Y1 - 2010

N2 - Security measurement of software-intensive systems is an emerging field, rapidly gaining momentum. Well-designed security metrics offer credible and sufficient evidence of security level and performance for security decision-making. In this study, we introduce a novel security metrics feasibility validation approach, consisting of validation criteria and an associated validation process that takes into account the used measurement approaches and the use of security metrics. The approach is based on the identification of needs for and challenges in using security metrics, and the identification of good properties of security metrics from related work.

KW - Security metrics

KW - security measurement

KW - feasibility

KW - security engineering

KW - software engineering

UR - http://paper.ijcsns.org/07_book/201001/20100131.pdf

M3 - Article

VL - 10

SP - 230

EP - 239

JO - International Journal of Computer Science and Network Security

JF - International Journal of Computer Science and Network Security

SN - 1738-7906

IS - 1

ER -