Decision Support for Choice of Security Solution

In security assessment and management there is no single correct solution to the identi…ed security problems or challenges. Instead there are only choices and tradeo¤s. The main reason for this is that modern information systems and security critical information systems in particular must perform at the contracted or expected security level, make e¤ective use of available resources and meet end-users’expectations. Balancing these needs while also ful…lling development, project and …nancial perspectives, such as budget and TTM constraints, mean that decision makers have to evaluate alternative security solutions. This work describes parts of an approach that supports decision makers in choosing one or a set of security solutions among alternatives. The approach is called the Aspect-Oriented Risk Driven Development (AORDD) framework, combines Aspect-Oriented Modeling (AOM) and Risk Driven Development (RDD) techniques and consists of the seven components: (1) An iterative AORDD process. (2) Security solution aspect repository. (3) Estimation repository to store experience from estimation of security risks and security solution variables involved in security solution decisions. (4) RDD annotation rules for security risk and security solution variable estimation. (5) The AORDD security solution trade-o¤ analysis and trade-o¤ tool BBN topology. (6) Rule set for how to transfer RDD information from the annotated UML diagrams into the trade-o¤ tool BBN topology. (7) Trust-based information aggregation schema to aggregate disparate information in the trade-o¤ tool BBN topology. This work focuses on components 5 and 7, which are the two core components in the AORDD framework. This work has looked at four main research questions related to security solution decision support. These are: RQ.1: How can alternative security solutions be evaluated against each other? RQ.2: How can security risk impact and the e¤ect of security solutions be measured? RQ.3: Which development, project and …nancial perspectives are relevant and how can these be measured? RQ.4: How can the disparate information involved in RQ.1, RQ.2 and RQ.3 be combined?