Practitioners as well as researchers have repeatedly deplored that IT security research has failed to produce practical solutions to growing security threats. This paper attributes this failure to the fact that IT departments no longer invest in security as an ideal. Rather, money is being spent on technologies that enable compliance with security requirements. Academia has not embraced this shift in perspective and still tries to "sell" security when organizations seek to "buy" compliance. This disconnect has led to research that fails to improve real-world security because it is not adopted in the marketplace. The conclusion drawn in this paper is that academia needs to complement current security research with additional research into security compliance. To encourage more work in this relatively new direction, the paper describes the major compliance research challenges that await solutions.