Quantitative Assessment for Organisational Security & Dependability
Abstract
Numerous metrics have been proposed to assess the security and dependability of technical systems (e.g., number of defects per thousand lines of code). Unfortunately, most of these metrics are too low-level and fail to capture the high-level system abstractions required for organisational analysis. Such analysis essentially enables the organisation to detect and eliminate possible threats through system re-organisations or re-configurations. In other words, it is necessary to assess the security and dependability of organisational structures alongside the implementations and architectures of systems. This paper focuses on metrics suitable for assessing security and dependability aspects of a socio-technical system and supporting decision making in designing processes. We also highlight how these metrics can help in making the system more effective in providing security and dependability by applying socio-technical solutions (i.e., organisation design
Similar resources
Identifying Suitable Attributes for Security and Dependability Metrication
In this paper, we suggest a framework for security and dependability metrics that is based on a number of non-functional system attributes. The attributes are the traditional security attributes (the “CIA”) and a set of dependability attributes. Based on a system model, we group those attributes into protective attributes and behavioural attributes and propose that metrication should be done in...
Quantitative Risk Assessment of Computer Virus Attacks on Computer Networks
This paper discusses the various types of malicious software, particularly computer viruses, which threaten computer network dependability, including such attributes as reliability, availability, safety and security of computer systems. Quantitative risk assessment of computer virus attacks on computer networks is investigated. To this end, an analytical model to study computer virus propagatio...
Security in the Context of Dependability
Security, as an architectural quality, is often thought to be measured in terms of availability, confidentiality and integrity. These qualities are part of a broader quality, dependability. There are inherent tradeoffs among the qualities that define security and dependability. Architectural tactics, or architectural design decisions, that enhance one aspect of dependability can decrease securit...
Predicting Availability of Systems using BBN in Aspect-Oriented Risk-Driven Development (AORDD)
Existing security standards target qualitative evaluation of the security level of a system against a set of predefined levels. When making trade-offs between treatment strategies, we need to supplement the qualitative evaluation with quantitative estimates of operational security. Quantitative evaluation, such as probabilistic analysis, is frequently used within the dependability domain. To est...
Bloomfield, R. E., Littlewood, B. & Wright
Society is increasingly requiring quantitative assessment of risk and associated dependability cases. Informally, a dependability case comprises some reasoning, based on assumptions and evidence, that supports a dependability claim at a particular level of confidence. In this paper we argue that a quantitative assessment of claim confidence is necessary for proper assessment of risk. We discuss...