Title :
Security Objectives within a Security Testing Case Study
Author :
Karppinen, Kaarina ; Savola, Reijo ; Rapeli, Mikko ; Tikkala, Esa
Author_Institution :
VTT Tech. Res. Centre of Finland, Oulu
Abstract :
Obviously, there is a need for automated information security analysis, validation, evaluation and testing approaches. Unfortunately, there is no state-of-art approach to carrying out information security evaluation in a systematic way. Information security evaluation of software-intensive and telecommunications systems typically relies heavily on the experience of the security professionals. Requirements are within the focus of the information security evaluation process. Information security requirements can be based on iterative risk, threat and vulnerability analyses, and technical and architectural information. There is a need for more practical ways to carry out this iterative process. In this paper we discuss security evaluation process, security objectives and security requirements from the basis of the experiences of a security testing project
Keywords :
program testing; risk analysis; security of data; information security analysis; risk analysis; security evaluation; security objectives; security requirements; security testing; security validation; software-intensive systems; telecommunications systems; threat analysis; vulnerability analysis; Automatic testing; Computer bugs; Computerized monitoring; Information analysis; Information security; Manufacturing industries; Protocols; Risk analysis; System testing; Telecommunication traffic;
Conference_Titel :
Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
Conference_Location :
Vienna
Print_ISBN :
0-7695-2775-2
DOI :
10.1109/ARES.2007.136
