The term "assurance" has been used for decades in trusted system development as an expression of the confidence that one has in the strength of mechanisms or countermeasures. One of the unsolved problems of security engineering is the adoption of measures or metrics that can reliably depict the assurance associated with a specific hardware and software system. This paper reports on a recent attempt to focus requirements in this area by examining those currently in use. It then suggests a categorization of Information Assurance (IA) metrics that may be tailored to an organization's needs. We believe that the provision of security mechanisms in systems is a subset of the systems engineering discipline having a large software-engineering correlation. There is general agreement that no single system metric or any "one-perfect" set of IA metrics applies across all systems or audiences. The set most useful for an organization largely depends on its IA goals, its technical, organizational and operational needs, and the financial, personnel, and technical resources that are available.