DocumentCode :
3544146
Title :
Strategies for security measurement objective decomposition
Author :
Savola, Reijo M.
Author_Institution :
VTT Tech. Res. Centre of Finland, Oulu, Finland
fYear :
2012
fDate :
15-17 Aug. 2012
Firstpage :
1
Lastpage :
8
Abstract :
Systematically managed, sufficient and credible security metrics increase the understanding of the security effectiveness level of software-intensive systems during the system development and operation. Risk-driven top-down modeling enables systematic and meaningful security metrics development. We propose six strategies for security measurement objective decomposition. Their focus is on metrics development for security correctness, software and system quality, partial security effectiveness, as well as security-related compliance and tradeoff decision-making. The proposed strategies integrate an abstract security effectiveness model, security measurement objectives, and the associated measurement points in relevant system components. Security effectiveness is emphasized in all strategies despite other objectives.
Keywords :
decision making; security of data; software metrics; software quality; abstract security effectiveness model; measurement points; partial security effectiveness; risk-driven top-down modeling; security correctness; security measurement objective decomposition; security metrics development; security-related compliance; software quality; software-intensive systems; system components; system quality; tradeoff decision-making; Abstracts; Authentication; Decision making; Measurement; Modeling; Software; decomposition; security correctness; security effectiveness; security metrics; system quality;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Security for South Africa (ISSA), 2012
Conference_Location :
Johannesburg, Gauteng
Print_ISBN :
978-1-4673-2160-0
Type :
conf
DOI :
10.1109/ISSA.2012.6320434
Filename :
6320434