On the Feasibility of Utilizing Security Metrics in Software-Intensive Systems

نویسنده

  • Reijo Savola
چکیده

Security measurement of software-intensive systems is an emerging field, rapidly gaining momentum. Well-designed security metrics offer credible and sufficient evidence of security level and performance for security decision-making. In this study, we introduce a novel security metrics feasibility validation approach, consisting of validation criteria and an associated validation process that takes into account the used measurement approaches and the use of security metrics. The approach is based on the identification of needs for and challenges in using security metrics, and the identification of good properties of security metrics from related work.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Identification of Basic Measurable Security Components in Software-Intensive Systems

Appropriate information security solutions for software-intensive systems, together with evidence of their security performance help to prevent serious consequences for businesses and the stakeholders. Security metrics can be used to offer this evidence. We investigate practical and holistic development of security metrics for software-intensive systems. Our approach is security requirement-cen...

متن کامل

A Security Metrics Taxonomization Model for Software-Intensive Systems

We introduce a novel high-level security metrics objective taxonomization model for software-intensive systems. The model systematizes and organizes security metrics development activities. It focuses on the security level and security performance of technical systems while taking into account the alignment of metrics objectives with different business and other management goals. The model emph...

متن کامل

Properties for Security Measures of Software Products

A large number of attacks on computing systems succeed because of the existence of software flaws (e.g. buffer overflow, race conditions etc.) that could be fixed through a careful design process. An effective way of improving the quality of software products consists of using metrics to guide the development process. The field of software security metrics however is still in infancy in contras...

متن کامل

Information Security Evaluation based on Requirements, Metrics and Evidence Information

Information security assurance and evaluation of software-intensive systems typically relies heavily on the experience of the security professionals. Obviously, automated approaches are needed in this field. Unfortunately, there is no practical approach to carrying out security evaluation in a systematic way. We introduce an iterative process for security evaluation based on security requiremen...

متن کامل

Towards Measuring the Project Management Process During Large Scale Software System Implementation Phase

Project management is an important factor to accomplish the decision to implement large-scale software systems (LSS) in a successful manner. The effective project management comes into play to plan, coordinate and control such a complex project. Project management factor has been argued as one of the important Critical Success Factor (CSF), which need to be measured and monitored carefully duri...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2010