Strategies for security measurement objective decomposition

Reijo Savola

Research output: Chapter in Book/Report/Conference proceedingConference article in proceedingsScientificpeer-review

6 Citations (Scopus)


Systematically managed, sufficient and credible security metrics increase the understanding of the security effectiveness level of software-intensive systems during the system development and operation.
Risk-driven top-down modeling enables systematic and meaningful security metrics development. We propose six strategies for security measurement objective decomposition.
Their focus is on metrics development for security correctness, software and system quality, partial security effectiveness, as well as security-related compliance and tradeoff decision-making.
The proposed strategies integrate an abstract security effectiveness model, security measurement objectives, and the associated measurement points in relevant system components.
Security effectiveness is emphasized in all strategies despite of other objectives.
Original languageEnglish
Title of host publicationProceedings of the 2012 Information Security for South Africa, ISSA 2012
PublisherIEEE Institute of Electrical and Electronic Engineers
Number of pages8
ISBN (Electronic)978-1-4673-2159-4
ISBN (Print)978-1-4673-2160-0
Publication statusPublished - 2012
MoE publication typeA4 Article in a conference publication
Event2012 Information Security for South Africa, ISSA 2012 - Johannesburg, Gauteng, South Africa
Duration: 15 Aug 201217 Aug 2012


Conference2012 Information Security for South Africa, ISSA 2012
Abbreviated titleISSA 2012
Country/TerritorySouth Africa
CityJohannesburg, Gauteng


Dive into the research topics of 'Strategies for security measurement objective decomposition'. Together they form a unique fingerprint.

Cite this