Towards security evaluation based on evidence collection

    Research output: Chapter in Book/Report/Conference proceeding, Conference article in proceedings, Scientific, peer-review

    2 Citations (Scopus)

    Abstract

    Information security evaluation of software-intensive systems typically relies heavily on the experience of the security professionals. Obviously, automated approaches are needed in this field. Unfortunately, there is no practical approach to carrying out security evaluation in a systematic way. Here we introduce a general-level holistic framework for security evaluation based on security behaviour modelling and security evidence collection, and discuss its applicability to the design of security evaluation experimentation setups in real-world systems.
    Original language: English
    Title of host publication: Proceedings of the ISSA 2006 from Insight to Foresight Conference
    Editors: Jan H. P. Eloff, Les Labuschagne, Mariki M. Eloff, Hein S. Venter
    Number of pages: 10
    Publication status: Published - 2006
    MoE publication type: A4 Article in a conference publication
    Event: 6th Information Security South Africa Conference, ISSA 2006: From Insight to Foresight - Sandton, South Africa
    Duration: 5 Jul 2006 to 7 Jul 2006
    Conference number: 6

    Conference

    Conference: 6th Information Security South Africa Conference, ISSA 2006
    Abbreviated title: ISSA 2006
    Country: South Africa
    City: Sandton
    Period: 5/07/06 to 7/07/06

    Cite this

    Savola, R. (2006). Towards security evaluation based on evidence collection. In J. H. P. Eloff, L. Labuschagne, M. M. Eloff, & H. S. Venter (Eds.), Proceedings of the ISSA 2006 from Insight to Foresight Conference. https://digifors.cs.up.ac.za/issa/2006/Proceedings/Full/10_Paper.pdf