Security objectives within a security testing case study

Kaarina Karppinen, Reijo Savola, Mikko Rapeli, Esa Tikkala

    Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

    2 Citations (Scopus)

    Abstract

    Obviously, there is a need for automated information security analysis, validation, evaluation and testing approaches. Unfortunately, there is no state-of-art approach to carrying out information security evaluation in a systematic way. Information security evaluation of software-intensive and telecommunications systems typically relies heavily on the experience of the security professionals. Requirements are within the focus of the information security evaluation process. Information security requirements can be based on iterative risk, threat and vulnerability analyses, and technical and architectural information. There is a need for more practical ways to carry out this iterative process. In this paper we discuss security evaluation process, security objectives and security requirements from the basis of the experiences of a security testing project (19 refs.)
    Original languageEnglish
    Title of host publicationProceedings
    Subtitle of host publication2nd International Conference on Availability, Reliability and Security, ARES 2007
    Place of PublicationLos Alamitos, CA, USA
    PublisherIEEE Institute of Electrical and Electronic Engineers
    Pages1060-1065
    ISBN (Print)0-7695-2775-2
    DOIs
    Publication statusPublished - 2007
    MoE publication typeNot Eligible
    Event2nd International Conference on Availability, Reliability and Security, ARES 2007 - Vienna, Austria
    Duration: 10 Apr 200713 Apr 2007

    Conference

    Conference2nd International Conference on Availability, Reliability and Security, ARES 2007
    Abbreviated titleARES 2007
    CountryAustria
    CityVienna
    Period10/04/0713/04/07

    Keywords

    • information security
    • information security threats
    • security
    • security threats
    • security testing

    Fingerprint Dive into the research topics of 'Security objectives within a security testing case study'. Together they form a unique fingerprint.

    Cite this