Abstract
Security measurement of software-intensive
systems is an emerging field, rapidly gaining momentum. Well-designed
security metrics offer credible and sufficient evidence of security
level and performance for security decision-making. In this study, we
introduce a novel security metrics feasibility validation approach,
consisting of validation criteria and an associated validation process
that takes into account the used measurement approaches and the use of
security metrics. The approach is based on the identification of needs
for and challenges in using security metrics, and the identification of
good properties of security metrics from related work.
| Original language | English |
|---|---|
| Pages (from-to) | 230-239 |
| Number of pages | 10 |
| Journal | International Journal of Computer Science and Network Security |
| Volume | 10 |
| Issue number | 1 |
| Publication status | Published - 2010 |
| MoE publication type | A1 Journal article-refereed |
Keywords
- Security metrics
- security measurement
- feasibility
- security engineering
- software engineering