Towards security effectiveness measurement utilizing risk-based security assurance

Reijo Savola, Heimo Pentikäinen, Moussa Ouedraogo

Research output: Chapter in Book/Report/Conference proceeding, Conference article in proceedings, Scientific, peer-review

9 Citations (Scopus)

Abstract

Systematic and practical approaches to risk-driven operational security evidence help ensure the effectiveness and efficiency of security controls in business-critical applications and services.
This paper introduces an enhanced methodology to develop security effectiveness metrics that can be used in connection with correctness assurance of security controls.
This methodology is then applied to an example system: a Push E-mail service.
The methodology is based on threat and vulnerability analysis, and parallel security requirement and system architecture decomposition.
Original language: English
Title of host publication: Proceedings of the Information Security for South Africa, ISSA 2010
Publisher: Institute of Electrical and Electronic Engineers IEEE
Number of pages: 8
ISBN (Electronic): 978-1-4244-5495-2
ISBN (Print): 978-1-4244-5493-8
DOIs: https://doi.org/10.1109/ISSA.2010.5588322
Publication status: Published - 2010
MoE publication type: A4 Article in a conference publication
Event: 2011 Conference on Information Security for South Africa, ISSA 2011 - Johannesburg, South Africa
Duration: 15 Aug 2011 to 17 Aug 2011

Conference

Conference: 2011 Conference on Information Security for South Africa, ISSA 2011
Abbreviated title: ISSA 2011
Country: South Africa
City: Johannesburg
Period: 15/08/11 to 17/08/11

Fingerprint

Electronic mail
Decomposition
Industry

Cite this

Savola, R., Pentikäinen, H., & Ouedraogo, M. (2010). Towards security effectiveness measurement utilizing risk-based security assurance. In Proceedings of the Information Security for South Africa, ISSA 2010. Institute of Electrical and Electronic Engineers IEEE. https://doi.org/10.1109/ISSA.2010.5588322