Abstract
Digital convergence and diffusion of Information and
Communication Technology (ICT) solutions in more
traditional fields such as industrial automation are a
major source of information security threats. Obviously,
there is a need for automated information security
validation, evaluation and testing approaches.
Unfortunately, there is no practical approach to carrying
out information security evaluation in a systematic way.
Information security evaluation of software-intensive and
telecommunications systems typically relies heavily on
the experience of the security professionals.
Requirements are the focus of the information security
evaluation process. Information security requirements can
be based on iterative risk, threat and vulnerability
analyses, and technical and architectural information.
There is a need for more practical ways to carry out this
iterative process. We introduce a framework for security
evaluation based on security requirement definition,
behavior modeling and evidence collection. The goal of
the decision process is to make an assessment and form
conclusions on the information security level or
performance of the system under investigation.
Original language | English |
---|---|
Publication status | Published - 2006 |
MoE publication type | Not Eligible |
Event | International Seminar on Dependable Requirements Engineering of Computerised Systems at Nuclear Power Plants - Halden, Norway. Duration: 27 Nov 2006 → 29 Nov 2006 |
Conference
Conference | International Seminar on Dependable Requirements Engineering of Computerised Systems at Nuclear Power Plants |
---|---|
Country/Territory | Norway |
City | Halden |
Period | 27/11/06 → 29/11/06 |