Towards security evaluation based on evidence collection

Reijo Savola

    Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Scientific › peer-review

    2 Citations (Scopus)


    Information security evaluation of software-intensive systems typically relies heavily on the experience of the security professionals. Obviously, automated approaches are needed in this field. Unfortunately, there is no practical approach to carrying out security evaluation in a systematic way. Here we introduce a general-level holistic framework for security evaluation based on security behaviour modelling and security evidence collection, and discuss its applicability to the design of security evaluation experimentation setups in real-world systems.
    Original language: English
    Title of host publication: Proceedings of the ISSA 2006 from Insight to Foresight Conference
    Editors: Jan H. P. Eloff, Les Labuschagne, Mariki M. Eloff, Hein S. Venter
    Number of pages: 10
    Publication status: Published - 2006
    MoE publication type: A4 Article in a conference publication
    Event: 6th Information Security South Africa Conference, ISSA 2006: From Insight to Foresight - Sandton, South Africa
    Duration: 5 Jul 2006 to 7 Jul 2006
    Conference number: 6


    Conference: 6th Information Security South Africa Conference, ISSA 2006
    Abbreviated title: ISSA 2006
    Country/Territory: South Africa

