Affiliation:
1. Norwegian University of Science and Technology, Norway
2. Statistics Norway, Norway
Abstract
Security assurance is the confidence that a system meets its security requirements and is resilient against security vulnerabilities and failures. Existing approaches can be characterized as (1) qualitative in nature, (2) tend to achieve their goals manually to a large extent, (3) very costly, (4) development-process oriented, and finally, (3) treat all security requirements within one domain equally for all applications regardless of the context. In this chapter, the authors propose a security assurance framework and its assurance evaluation process. The framework and process depend on a quantitative security assurance metrics that were developed too. The proposed metric considers both the security requirements and vulnerability. Weight has been introduced to the security requirement metric to measure the importance of security requirements that need to be fulfilled. The framework with the proposed quantitative assurance metrics are evaluated and validated using two field case studies related to two operational REST APIs that belong to and are used by Statistics Norway.
Reference30 articles.
1. RiskSRP: Prioritizing Security Requirements Based on Total Risk Avoidance
2. Multi-agent based security assurance monitoring system for telecommunication infrastructures.;E.Bulut;Proceedings of the Fourth IASTED International Conference on Communication, Network and Information Security,2007
Cited by
4 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献