Abstract
Information security evaluation of software-intensive systems typically relies heavily on the experience of the security professionals. Obviously, automated approaches are needed in this field. Unfortunately, there is no practical approach to carrying out security evaluation in a systematic way. Here we introduce a general-level holistic framework for security evaluation based on security behaviour modelling and security evidence collection, and discuss its applicability to the design of security evaluation experimentation setups in real-world systems.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the ISSA 2006 from Insight to Foresight Conference |
| Editors | Jan H. P. Eloff, Les Labuschagne, Mariki M. Eloff, Hein S. Venter |
| Number of pages | 10 |
| Publication status | Published - 2006 |
| MoE publication type | A4 Article in a conference publication |
| Event | 6th Information Security South Africa Conference, ISSA 2006 : From Insight to Foresight - Sandton, South Africa Duration: 5 Jul 2006 → 7 Jul 2006 Conference number: 6 |
Conference
| Conference | 6th Information Security South Africa Conference, ISSA 2006 |
|---|---|
| Abbreviated title | ISSA 2006 |
| Country | South Africa |
| City | Sandton |
| Period | 5/07/06 → 7/07/06 |
Fingerprint
Cite this
Savola, R. (2006). Towards security evaluation based on evidence collection. In J. H. P. Eloff, L. Labuschagne, M. M. Eloff, & H. S. Venter (Eds.), Proceedings of the ISSA 2006 from Insight to Foresight Conference https://digifors.cs.up.ac.za/issa/2006/Proceedings/Full/10_Paper.pdf