Abstract
To obtain evidence about the security strength or performance
of software products and telecommunication systems, we need automated
information security analysis, validation, evaluation and testing approaches.
Unfortunately, no widely accepted practical approaches are available.
Information security testing of software-intensive and telecommunications
systems typically relies heavily on the experience of the security
professionals. In this study, we argue that security requirements are within
the focus of the information security testing process. Information security
requirements can be based on iterative risk, threat and vulnerability
analyses, and technical and architectural information. We discuss the security
testing process, security objectives and security requirements on the basis
of the experiences of a security testing case study project.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2009 International Conference on Multimedia Computing and Systems, ICMCS 2009 |
Pages | 138-143 |
ISBN (Electronic) | 978-1-4244-3757-3 |
Publication status | Published - 2009 |
MoE publication type | A4 Article in a conference publication |
Event | International Conference on Multimedia Computing and Systems, ICMCS 2009 - Quarzazate, Morocco; Duration: 2 Apr 2009 → 4 Apr 2009 |
Conference
Conference | International Conference on Multimedia Computing and Systems, ICMCS 2009 |
---|---|
Abbreviated title | ICMCS 2009 |
Country/Territory | Morocco |
City | Quarzazate |
Period | 2/04/09 → 4/04/09 |
Keywords
- Security assurance
- Security metrics
- Security monitoring
- Security requirements
- Security testing