A Security Metrics Taxonomization Model for Software-Intensive Systems

Author: Reijo M. Savola

DOI: 10.3745/JIPS.2009.5.4.197

Keywords: Metrics, Objectives, Taxonomy, Correctness, Effectiveness, Efficiency

Abstract: We introduce a novel high-level security metrics objective taxonomization model for software-intensive systems. The model systematizes and organizes security metrics development activities. It focuses on the security level performance of technical systems while taking into account the alignment of security objectives with different business and other management goals. The model emphasizes the roles of security-enforcing mechanisms, the overall quality of the system under investigation, the secure lifecycle, and project management. Security correctness, effectiveness and efficiency are seen as fundamental measurement objectives, determining the directions of more detailed security metrics development. Integration of the proposed model with risk-driven approaches is also discussed.

1. Introduction

The increasing complexity and connectivity of software-intensive systems, products and services is boosting the need for pertinent and reliable software security metrics and trusted solutions. Systematic approaches to measuring security are needed to obtain evidence of the security level in systems, products and services. In addition, early security metrics will enable cost-effective and easier engineering decisions concerning security, if sufficient and credible evidence is available. The field of developing security metrics systematically is young. One complication behind the immaturity of security metrics is that current practice is still a highly diverse field, and holistic, widely accepted approaches are missing [1]. Consequently, attempts to measure security have only obtained limited success [2]. Lately, security metrics has become an emerging research area rapidly gaining momentum.

The main contribution of this study is to discuss the motivation for security metrics development. We analyze the role and emphasis areas of security metrics and show how they can be integrated. In our model, we made a premeditated choice not to divide metrics into technical, operational and organizational metrics, which is the most common classification.

The rest of the article is organized in the following way. Section 2 analyzes related work, and Section 3 gives a short introduction to security metrics. Section 4 presents the Security Metrics Objective Segments (SMOS), and Section 5 discusses the design of taxonomies with the help of the model. Section 6 discusses the process. Section 7 incorporates a discussion of the results in general terms, and finally, Section 8 concludes and finalizes with some future questions.

References (30)

Ashraf Matrawy, Peter Pieda, Nabil Seddigh, Ioannis Lambadaris, Biswajit Nandy, Adam Hatfield. Current Trends and Advances in Information Assurance Metrics. Conference on Privacy, Security and Trust, pp. 197-205 (2004).
Reijo Savola. A Novel Security Metrics Taxonomy for R&D Organisations. Information Security for South Africa, pp. 1-12 (2008).
William A. Wulf, Chenxi Wang. Towards a Framework for Security Measurement (1997).
Karen A. Scarfone, Stephen D. Quinn, Christopher S. Johnson, Matthew Barrett. SP 800-117: Guide to Adopting and Using the Security Content Automation Protocol (SCAP) Version 1.0. National Institute of Standards & Technology (2010).
Moshe Morris Mano. Computer Security Management (1981).
Marianne Swanson. Security Self-Assessment Guide for Information Technology Systems. National Institute of Standards and Technology (2001). DOI: 10.6028/NIST.SP.800-26
Agnes Berger, Sylvan Wallenstein. On the Theory of Cα-tests. Statistics & Probability Letters, vol. 7, pp. 419-424 (1989). DOI: 10.1016/0167-7152(89)90098-9
Rajashekar Kailar, Virgil D. Gligor, Li Gong. On the Security Effectiveness of Cryptographic Protocols. Springer, Vienna, pp. 139-157 (1995). DOI: 10.1007/978-3-7091-9396-9_12