Abstract
Obviously, there is a need for automated information security analysis,
validation, evaluation and testing approaches. Unfortunately, there is no
state-of-the-art approach to carrying out information security evaluation in a
systematic way. Information security evaluation of software-intensive and
telecommunications systems typically relies heavily on the experience of the
security professionals. Requirements are within the focus of the information
security evaluation process. Information security requirements can be based on
iterative risk, threat and vulnerability analyses, and technical and
architectural information. There is a need for more practical ways to carry
out this iterative process. In this paper we discuss the security evaluation
process, security objectives and security requirements on the basis of the
experiences of a security testing project. (19 refs.)
Original language | English |
---|---|
Title of host publication | Proceedings |
Subtitle of host publication | 2nd International Conference on Availability, Reliability and Security, ARES 2007 |
Place of Publication | Los Alamitos, CA, USA |
Publisher | IEEE Institute of Electrical and Electronic Engineers |
Pages | 1060-1065 |
ISBN (Print) | 0-7695-2775-2 |
Publication status | Published - 2007 |
MoE publication type | Not Eligible |
Event | 2nd International Conference on Availability, Reliability and Security, ARES 2007 - Vienna, Austria Duration: 10 Apr 2007 → 13 Apr 2007 |
Conference
Conference | 2nd International Conference on Availability, Reliability and Security, ARES 2007 |
---|---|
Abbreviated title | ARES 2007 |
Country/Territory | Austria |
City | Vienna |
Period | 10/04/07 → 13/04/07 |
Keywords
- information security
- information security threats
- security
- security threats
- security testing