Identification of Basic Measurable Security Components in Software-Intensive Systems
نویسنده
چکیده
Appropriate information security solutions for software-intensive systems, together with evidence of their security performance help to prevent serious consequences for businesses and the stakeholders. Security metrics can be used to offer this evidence. We investigate practical and holistic development of security metrics for software-intensive systems. Our approach is security requirement-centric. The high-level security requirements are expressed in terms of lower-level measurable components applying a decomposition approach. Detailed security metrics are developed based on the basic measurable components identified at the leaf level of the decomposition.
منابع مشابه
Development of Measurable Security for a Distributed Messaging System
Systematically developed security metrics make it possible to gather sufficient and credible security evidence for runtime adaptive security management and off-line security engineering and management. This study introduces and analyzes security metrics and parameter dependencies for one particular distributed messaging system. The focus is on the effectiveness and correctness of security-enfor...
متن کاملOn the Feasibility of Utilizing Security Metrics in Software-Intensive Systems
Security measurement of software-intensive systems is an emerging field, rapidly gaining momentum. Well-designed security metrics offer credible and sufficient evidence of security level and performance for security decision-making. In this study, we introduce a novel security metrics feasibility validation approach, consisting of validation criteria and an associated validation process that ta...
متن کاملIdentification of the Sources of Energy Loss through Exergy Analysis: Case Study of Marun Mega-Olefin Plant
One of the industries with high potential for energy saving is the petrochemical industry. Ethylene and propylene production plants (olefin plants) – as a part of the petrochemical industry – are very energy intensive. So, any try to improve their energy consumption efficiency could lead to a high amount of energy saving. Iran’s petrochemical industry uses old technologies and components and du...
متن کاملIdentifying Information Security Risk Components in Military Hospitals in Iran
Background and Aim: Information systems are always at risk of information theft, information change, and interruptions in service delivery. Therefore, the present study was conducted to develop a model for identifying information security risk in military hospitals in Iran. Methods: This study was a qualitative content analysis conducted in military hospitals in Iran in 2019. The sample consist...
متن کاملCertification process artifacts defined as measurable units for software assurance
Certification and Accreditation (C&A) process artifacts for software-intensive systems are characterized by the metrics and measures required to be produced from their units of analysis for assessing system behaviour. Software-intensive systems are complex clusters of closely interdependent system of systems that include underlying software, systems, people, processes, and operational environme...
متن کامل