Towards Requirement Driven Evaluation of Information Security

Research output: Contribution to conference, Conference article, Scientific

Abstract

Digital convergence and diffusion of Information and Communication Technology (ICT) solutions in more traditional fields such as industrial automation are a major source of information security threats. Obviously, there is a need for automated information security validation, evaluation and testing approaches. Unfortunately, there is no practical approach to carrying out information security evaluation in a systematic way. Information security evaluation of software-intensive and telecommunications systems typically relies heavily on the experience of security professionals. Requirements are the focus of the information security evaluation process. Information security requirements can be based on iterative risk, threat and vulnerability analyses, and on technical and architectural information. There is a need for more practical ways to carry out this iterative process. We introduce a framework for security evaluation based on security requirement definition, behavior modeling and evidence collection. The goal of the decision process is to make an assessment and form conclusions on the information security level or performance of the system under investigation.
Original language: English
Publication status: Published - 2006
MoE publication type: Not Eligible
Event: International Seminar on Dependable Requirements Engineering of Computerised Systems at Nuclear Power Plants - Halden, Norway
Duration: 27 Nov 2006 to 29 Nov 2006

Conference

Conference: International Seminar on Dependable Requirements Engineering of Computerised Systems at Nuclear Power Plants
Country: Norway
City: Halden
Period: 27/11/06 to 29/11/06


    Savola, R. (2006). Towards Requirement Driven Evaluation of Information Security. Paper presented at International Seminar on Dependable Requirements Engineering of Computerised Systems at Nuclear Power Plants, Halden, Norway.