Strategies for security measurement objective decomposition

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

5 Citations (Scopus)

Abstract

Systematically managed, sufficient and credible security metrics increase the understanding of the security effectiveness level of software-intensive systems during the system development and operation.
Risk-driven top-down modeling enables systematic and meaningful security metrics development. We propose six strategies for security measurement objective decomposition.
Their focus is on metrics development for security correctness, software and system quality, partial security effectiveness, as well as security-related compliance and tradeoff decision-making.
The proposed strategies integrate an abstract security effectiveness model, security measurement objectives, and the associated measurement points in relevant system components.
Security effectiveness is emphasized in all strategies despite of other objectives.
Original languageEnglish
Title of host publicationProceedings of the 2012 Information Security for South Africa, ISSA 2012
PublisherIEEE Institute of Electrical and Electronic Engineers
Number of pages8
ISBN (Electronic)978-1-4673-2159-4
ISBN (Print)978-1-4673-2160-0
DOIs
Publication statusPublished - 2012
MoE publication typeA4 Article in a conference publication
Event2012 Information Security for South Africa, ISSA 2012 - Johannesburg, Gauteng, South Africa
Duration: 15 Aug 201217 Aug 2012

Conference

Conference2012 Information Security for South Africa, ISSA 2012
Abbreviated titleISSA 2012
CountrySouth Africa
CityJohannesburg, Gauteng
Period15/08/1217/08/12

Fingerprint Dive into the research topics of 'Strategies for security measurement objective decomposition'. Together they form a unique fingerprint.

  • Cite this

    Savola, R. (2012). Strategies for security measurement objective decomposition. In Proceedings of the 2012 Information Security for South Africa, ISSA 2012 IEEE Institute of Electrical and Electronic Engineers. https://doi.org/10.1109/ISSA.2012.6320434