Security objectives within a security testing case study

Kaarina Karppinen, Reijo Savola, Mikko Rapeli, Esa Tikkala

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

2 Citations (Scopus)

Abstract

Obviously, there is a need for automated information security analysis, validation, evaluation and testing approaches. Unfortunately, there is no state-of-art approach to carrying out information security evaluation in a systematic way. Information security evaluation of software-intensive and telecommunications systems typically relies heavily on the experience of the security professionals. Requirements are within the focus of the information security evaluation process. Information security requirements can be based on iterative risk, threat and vulnerability analyses, and technical and architectural information. There is a need for more practical ways to carry out this iterative process. In this paper we discuss security evaluation process, security objectives and security requirements from the basis of the experiences of a security testing project (19 refs.)
Original language: English
Title of host publication: Proceedings
Subtitle of host publication: 2nd International Conference on Availability, Reliability and Security, ARES 2007
Place of Publication: Los Alamitos, CA, USA
Publisher: IEEE Institute of Electrical and Electronic Engineers
Pages: 1060-1065
ISBN (Print): 0-7695-2775-2
DOI: https://doi.org/10.1109/ARES.2007.136
Publication status: Published - 2007
MoE publication type: Not Eligible
Event: 2nd International Conference on Availability, Reliability and Security, ARES 2007 - Vienna, Austria
Duration: 10 Apr 2007 to 13 Apr 2007

Conference

Conference: 2nd International Conference on Availability, Reliability and Security, ARES 2007
Abbreviated title: ARES 2007
Country: Austria
City: Vienna
Period: 10/04/07 to 13/04/07

Fingerprint

Security of data
Testing
Telecommunication systems

Keywords

  • information security
  • information security threats
  • security
  • security threats
  • security testing

Cite this

Karppinen, K., Savola, R., Rapeli, M., & Tikkala, E. (2007). Security objectives within a security testing case study. In Proceedings: 2nd International Conference on Availability, Reliability and Security, ARES 2007 (pp. 1060-1065). Los Alamitos, CA, USA: IEEE Institute of Electrical and Electronic Engineers. https://doi.org/10.1109/ARES.2007.136