Towards security effectiveness measurement utilizing risk-based security assurance

Reijo Savola, Heimo Pentikäinen, Moussa Ouedraogo

    Research output: Chapter in Book/Report/Conference proceeding, Conference article in proceedings, Scientific, peer-review

    9 Citations (Scopus)

    Abstract

    Systematic and practical approaches to risk-driven operational security evidence help ensure the effectiveness and efficiency of security controls in business-critical applications and services.
    This paper introduces an enhanced methodology to develop security effectiveness metrics that can be used in connection with correctness assurance of security controls.
    This methodology is then applied to an example system: a Push E-mail service.
    The methodology is based on threat and vulnerability analysis, and parallel security requirement and system architecture decomposition.
    Original language: English
    Title of host publication: Proceedings of the Information Security for South Africa, ISSA 2010
    Publisher: IEEE Institute of Electrical and Electronic Engineers
    Number of pages: 8
    ISBN (Electronic): 978-1-4244-5495-2
    ISBN (Print): 978-1-4244-5493-8
    DOIs: https://doi.org/10.1109/ISSA.2010.5588322
    Publication status: Published - 2010
    MoE publication type: A4 Article in a conference publication
    Event: 2011 Conference on Information Security for South Africa, ISSA 2011 - Johannesburg, South Africa
    Duration: 15 Aug 2011 to 17 Aug 2011

    Conference

    Conference: 2011 Conference on Information Security for South Africa, ISSA 2011
    Abbreviated title: ISSA 2011
    Country: South Africa
    City: Johannesburg
    Period: 15/08/11 to 17/08/11

    Fingerprint

    Electronic mail
    Decomposition
    Industry

    Cite this

    Savola, R., Pentikäinen, H., & Ouedraogo, M. (2010). Towards security effectiveness measurement utilizing risk-based security assurance. In Proceedings of the Information Security for South Africa, ISSA 2010. IEEE Institute of Electrical and Electronic Engineers. https://doi.org/10.1109/ISSA.2010.5588322
    @inproceedings{e589a47d47dd407ca374e3e01f96d317,
    title = "Towards security effectiveness measurement utilizing risk-based security assurance",
    abstract = "Systematic and practical approaches to risk-driven operational security evidence help ensure the effectiveness and efficiency of security controls in business-critical applications and services. This paper introduces an enhanced methodology to develop security effectiveness metrics that can be used in connection with correctness assurance of security controls. This methodology is then applied to an example system: a Push E-mail service. The methodology is based on threat and vulnerability analysis, and parallel security requirement and system architecture decomposition.",
    author = "Reijo Savola and Heimo Pentik{\"a}inen and Moussa Ouedraogo",
    year = "2010",
    doi = "10.1109/ISSA.2010.5588322",
    language = "English",
    isbn = "978-1-4244-5493-8",
    booktitle = "Proceedings of the Information Security for South Africa, ISSA 2010",
    publisher = "IEEE Institute of Electrical and Electronic Engineers",
    address = "United States",

    }
