Title :
Evaluating security products based on appropriate usage
Author :
Phatak, Vikram ; Moy, Rick
Abstract :
Information security products have evolved rapidly over the last decade. However, the science of evaluating products has virtually stood still during that same time period, creating a knowledge gap that has made it difficult for information security buyers to determine whether or not a product meets specific security and/or compliance needs. This paper discusses a new method for evaluating technology products based upon their appropriateness within the context in which they will be deployed. By applying a Use Case-based methodology, information security professionals can more clearly identify detailed protection requirements for a given environment. Two examples are given: (1) Use Cases can clarify different application security requirements between retail storefronts and back-end e-commerce datacenters; and (2) Use Cases allow the assessment of anti-malware products based on the relative importance of different malware attack vectors to the endpoints being protected.
Keywords :
computer centres; electronic commerce; invasive software; retail data processing; antimalware product assessment; appropriate usage; back-end e-commerce datacenters; information security buyers; information security products; information security professionals; knowledge gap; malware attack vectors; protection requirements; retail storefronts; security product evaluation; security requirements; technology product evaluation method; use case-based methodology; Decision support systems; Information security; Servers; Software; Testing; Vectors;
Conference_Title :
Malicious and Unwanted Software (MALWARE), 2011 6th International Conference on
Conference_Location :
Fajardo
Print_ISBN :
978-1-4673-0031-5
DOI :
10.1109/MALWARE.2011.6112323