Strategies for security measurement objective decomposition

Research output: Chapter in Book/Report/Conference proceeding; Conference article in proceedings; Scientific; peer-review

5 Citations (Scopus)

Abstract

Systematically managed, sufficient and credible security metrics increase the understanding of the security effectiveness level of software-intensive systems during the system development and operation.
Risk-driven top-down modeling enables systematic and meaningful security metrics development. We propose six strategies for security measurement objective decomposition.
Their focus is on metrics development for security correctness, software and system quality, partial security effectiveness, as well as security-related compliance and tradeoff decision-making.
The proposed strategies integrate an abstract security effectiveness model, security measurement objectives, and the associated measurement points in relevant system components.
Security effectiveness is emphasized in all strategies despite other objectives.

Original language: English
Title of host publication: Proceedings of the 2012 Information Security for South Africa, ISSA 2012
Publisher: Institute of Electrical and Electronic Engineers IEEE
Number of pages: 8
ISBN (Electronic): 978-1-4673-2159-4
ISBN (Print): 978-1-4673-2160-0
DOIs: https://doi.org/10.1109/ISSA.2012.6320434
Publication status: Published - 2012
MoE publication type: A4 Article in a conference publication
Event: 2012 Information Security for South Africa, ISSA 2012 - Johannesburg, Gauteng, South Africa
Duration: 15 Aug 2012 to 17 Aug 2012

Conference

Conference: 2012 Information Security for South Africa, ISSA 2012
Abbreviated title: ISSA 2012
Country: South Africa
City: Johannesburg, Gauteng
Period: 15/08/12 to 17/08/12

Fingerprint

Decomposition
Decision making
Compliance

Cite this

Savola, R. (2012). Strategies for security measurement objective decomposition. In Proceedings of the 2012 Information Security for South Africa, ISSA 2012. Institute of Electrical and Electronic Engineers IEEE. https://doi.org/10.1109/ISSA.2012.6320434