Elaborating Quantitative Approaches for IT Security Evaluation
Authors
Abstract
Information Systems security evaluation is a sine qua non requirement for effective IT security management, as well as for establishing trust among different but cooperating business partners. This paper initially provides a critical review of traditionally applied evaluation and certification schemes. Based upon this review, the paper stresses the need for an approach that is quantitative in nature and can address the problem of IS operational security. Then, such an approach is presented, mainly based on an existing complex of models (CEISOQ) for evaluating IS operation quality. It is argued that there are certain benefits if this approach is applied in combination with the traditional qualitative ones.
Similar resources
Risk Analysis and Economic Load Dispatch Evaluation of Network with High Wind Power Penetration
This study is based on an investigation of integrating wind power into a conventional power system, with its impact on fossil fuel generators and their generation management. Wind power, as an environmentally friendly energy source, can reduce the operational cost of the system because there is no cost for energizing the generator, in comparison with fossil fuel generators. However due to unpredictable nature...
Quantitative evaluation of software security: an approach based on UML/SecAM and evidence theory
Quantitative and model-based prediction of security in the architecture design stage facilitates early detection of design faults hence reducing modification costs in subsequent stages of software life cycle. However, an important question arises with respect to the accuracy of input parameters. In practice, security parameters can rarely be estimated accurately due to the lack of sufficient kn...
Towards Security at All Stages of a System's Life Cycle
Recent experience has shown that interconnected systems are vulnerable to attacks, if security questions are not met appropriately. In this paper we give selected reasons for the current dissatisfying security level of distributed systems and present selected approaches of making systems more secure. We describe our concept of a "Security Improvement Feedback Loop" which is a systematic way o...
Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security
This paper presents the results of an experiment in security evaluation. The system is modeled as a privilege graph that exhibits its security vulnerabilities. Quantitative measures that estimate the effort an attacker might expend to exploit these vulnerabilities to defeat the system security objectives are proposed. A set of tools has been developed to compute such measures and has been used ...
Economic Security Metrics
This chapter surveys economic approaches for security metrics, among which we could identify two main areas of research. One has its roots in investment and decision theory and is mainly pursued in the field of information technology-oriented business administration. It has yielded a number of quantitative metrics that can be applied as guidelines in investment decisions as well as for the eval...