A framework for system security assessment

Author

Hallberg, Jonas ; Hunstad, Amund ; Peterson, Mikael

fYear

2005

Firstpage

224

Lastpage

231

Abstract

Security assessment is a central ability in the striving for adequate levels of IT security in information systems and networks. In this paper, the issue of system-wide IT security assessment is addressed. The results include a framework for IT security assessment addressing the need to include the influence of system structure in assessments. The purpose of the framework is twofold, to support the development of system security assessment methods and to enable the categorization of existing methods. Moreover, as an example of a possible approach to system security assessment, the CAESAR method is presented. CAESAR enables the calculation of scalar overall system security values as well as system-dependent security values for technical system entities.

Keywords

information networks; information systems; security of data; CAESAR method; IT security; information networks; information systems; scalar overall system security values; security metrics; system security assessment; system structure; system-dependent security values; Art; Availability; Conferences; Data security; Information security; Mechanical factors; Power system modeling; Power system security; Predictive models;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC

Print_ISBN

0-7803-9290-6

Type

conf

DOI

10.1109/IAW.2005.1495956

Filename

1495956