Abstract
Systematic and practical approaches to risk-driven operational security evidence help ensure the effectiveness and efficiency of security controls in business-critical applications and services.
This paper introduces an enhanced methodology to develop security effectiveness metrics that can be used in connection with correctness assurance of security controls.
This methodology is then applied to an example system: a Push E-mail service.
The methodology is based on threat and vulnerability analysis, and parallel security requirement and system architecture decomposition.
Original language | English |
---|---|
Title of host publication | Proceedings of the Information Security for South Africa, ISSA 2010 |
Publisher | IEEE Institute of Electrical and Electronic Engineers |
Number of pages | 8 |
ISBN (Electronic) | 978-1-4244-5495-2 |
ISBN (Print) | 978-1-4244-5493-8 |
Publication status | Published - 2010 |
MoE publication type | A4 Article in a conference publication |
Event | 2011 Conference on Information Security for South Africa, ISSA 2011 - Johannesburg, South Africa. Duration: 15 Aug 2011 → 17 Aug 2011 |
Conference
Conference | 2011 Conference on Information Security for South Africa, ISSA 2011 |
---|---|
Abbreviated title | ISSA 2011 |
Country/Territory | South Africa |
City | Johannesburg |
Period | 15/08/11 → 17/08/11 |