Strategies for security measurement objective decomposition

Reijo Savola

doi:10.1109/ISSA.2012.6320434

Strategies for security measurement objective decomposition

Reijo Savola

VTT Technical Research Centre of Finland

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

6 Citations (Scopus)

Abstract

Systematically managed, sufficient and credible security metrics increase the understanding of the security effectiveness level of software-intensive systems during the system development and operation.
Risk-driven top-down modeling enables systematic and meaningful security metrics development. We propose six strategies for security measurement objective decomposition.
Their focus is on metrics development for security correctness, software and system quality, partial security effectiveness, as well as security-related compliance and tradeoff decision-making.
The proposed strategies integrate an abstract security effectiveness model, security measurement objectives, and the associated measurement points in relevant system components.
Security effectiveness is emphasized in all strategies despite of other objectives.

Original language	English
Title of host publication	Proceedings of the 2012 Information Security for South Africa, ISSA 2012
Publisher	IEEE Institute of Electrical and Electronic Engineers
Number of pages	8
ISBN (Electronic)	978-1-4673-2159-4
ISBN (Print)	978-1-4673-2160-0
DOIs	https://doi.org/10.1109/ISSA.2012.6320434
Publication status	Published - 2012
MoE publication type	A4 Article in a conference publication
Event	2012 Information Security for South Africa, ISSA 2012 - Johannesburg, Gauteng, South Africa Duration: 15 Aug 2012 → 17 Aug 2012

Conference

Conference	2012 Information Security for South Africa, ISSA 2012
Abbreviated title	ISSA 2012
Country/Territory	South Africa
City	Johannesburg, Gauteng
Period	15/08/12 → 17/08/12

Access to Document

10.1109/ISSA.2012.6320434

Cite this

@inproceedings{da7982a35184499ca8a533317f449462,

title = "Strategies for security measurement objective decomposition",

abstract = "Systematically managed, sufficient and credible security metrics increase the understanding of the security effectiveness level of software-intensive systems during the system development and operation. Risk-driven top-down modeling enables systematic and meaningful security metrics development. We propose six strategies for security measurement objective decomposition. Their focus is on metrics development for security correctness, software and system quality, partial security effectiveness, as well as security-related compliance and tradeoff decision-making. The proposed strategies integrate an abstract security effectiveness model, security measurement objectives, and the associated measurement points in relevant system components. Security effectiveness is emphasized in all strategies despite of other objectives.",

author = "Reijo Savola",

year = "2012",

doi = "10.1109/ISSA.2012.6320434",

language = "English",

isbn = "978-1-4673-2160-0",

booktitle = "Proceedings of the 2012 Information Security for South Africa, ISSA 2012",

publisher = "IEEE Institute of Electrical and Electronic Engineers",

address = "United States",

note = "2012 Information Security for South Africa, ISSA 2012, ISSA 2012 ; Conference date: 15-08-2012 Through 17-08-2012",

}

TY - GEN

T1 - Strategies for security measurement objective decomposition

AU - Savola, Reijo

PY - 2012

Y1 - 2012

N2 - Systematically managed, sufficient and credible security metrics increase the understanding of the security effectiveness level of software-intensive systems during the system development and operation. Risk-driven top-down modeling enables systematic and meaningful security metrics development. We propose six strategies for security measurement objective decomposition. Their focus is on metrics development for security correctness, software and system quality, partial security effectiveness, as well as security-related compliance and tradeoff decision-making. The proposed strategies integrate an abstract security effectiveness model, security measurement objectives, and the associated measurement points in relevant system components. Security effectiveness is emphasized in all strategies despite of other objectives.

AB - Systematically managed, sufficient and credible security metrics increase the understanding of the security effectiveness level of software-intensive systems during the system development and operation. Risk-driven top-down modeling enables systematic and meaningful security metrics development. We propose six strategies for security measurement objective decomposition. Their focus is on metrics development for security correctness, software and system quality, partial security effectiveness, as well as security-related compliance and tradeoff decision-making. The proposed strategies integrate an abstract security effectiveness model, security measurement objectives, and the associated measurement points in relevant system components. Security effectiveness is emphasized in all strategies despite of other objectives.

U2 - 10.1109/ISSA.2012.6320434

DO - 10.1109/ISSA.2012.6320434

M3 - Conference article in proceedings

SN - 978-1-4673-2160-0

BT - Proceedings of the 2012 Information Security for South Africa, ISSA 2012

PB - IEEE Institute of Electrical and Electronic Engineers

T2 - 2012 Information Security for South Africa, ISSA 2012

Y2 - 15 August 2012 through 17 August 2012

ER -

Strategies for security measurement objective decomposition

Abstract

Conference

Access to Document

Fingerprint

Cite this