Towards Requirement Driven Evaluation of Information Security

Reijo Savola

    Research output: Contribution to conferenceConference articleScientific


    Digital convergence and diffusion of Information and Communication Technology (ICT) solutions in more traditional fields such as industrial automation is a major source of information security threats. Obviously, there is a need for automated information security validation, evaluation and testing approaches. Unfortunately, there is no practical approach to carrying out information security evaluation in a systematic way. Information security evaluation of software intensive and telecommunications systems typically relies heavily on the experience of the security professionals. Requirements are in the focus of information security evaluation process. Information security requirements can be based on iterative risk, threat and vulnerability analyses, and technical and architectural information. There is a need for more practical ways to carry out this iterative process. We introduce a framework for security evaluation based on security requirement definition, behavior modeling and evidence collection. The goal of the decision process is to make an assessment and form conclusions on the information security level or performance of the system under investigation.
    Original languageEnglish
    Publication statusPublished - 2006
    MoE publication typeNot Eligible
    EventInternational Seminar on Dependable Requirements Engineering of Computerised Systems at Nuclear Power Plants - Halden, Norway
    Duration: 27 Nov 200629 Nov 2006


    ConferenceInternational Seminar on Dependable Requirements Engineering of Computerised Systems at Nuclear Power Plants


    Dive into the research topics of 'Towards Requirement Driven Evaluation of Information Security'. Together they form a unique fingerprint.

    Cite this