• norsk
    • English
  • norsk 
    • norsk
    • English
  • Logg inn
Vis innførsel 
  •   Hjem
  • Øvrige samlinger
  • Publikasjoner fra CRIStin - NTNU
  • Vis innførsel
  •   Hjem
  • Øvrige samlinger
  • Publikasjoner fra CRIStin - NTNU
  • Vis innførsel
JavaScript is disabled for your browser. Some features of this site may not work without it.

Towards a Quantitative Approach for Security Assurance Metrics

Weldehawaryat, Goitom Kahsay; Katt, Basel
Chapter
Published version
Åpne
Weldehawaryat_2018.pdf (Låst)
Permanent lenke
http://hdl.handle.net/11250/2582766
Utgivelsesdato
2018
Metadata
Vis full innførsel
Samlinger
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi [1600]
  • Publikasjoner fra CRIStin - NTNU [20946]
Sammendrag
The need for effective and efficient evaluation schemes of security assurance is growing in many organizations, especially Small and Medium Enterprises (SMEs). Although there are several approaches and standards for evaluating application security assurance, they are qualitative in nature and depend to a great extent on manually processing. This paper presents a quantitative evaluation approach for defining security assurance metrics using two perspectives, vulnerabilities and security requirements. While vulnerability represents the negative aspect that leads to a reduction of the assurance level, security requirement improves the assurance posture. The approach employs both Goal Question Metric (GQM) and Common Vulnerability Scoring System (CVSS) methods. GQM is used to construct measurement items for different types of assurance metrics and assess the fulfillment of security requirements or the absence of vulnerabilities, and CVSS is utilized to quantify the severity of vulnerabilities according to various attributes. Furthermore, a case study is provided in this work, which measures and evaluates the security assurance of a discussion forum application using our approach. This can assist SMEs to evaluate the overall security assurance of their systems, and result in a measure of confidence that indicates how well a system meets its security requirements.
Utgiver
International Academy, Research and Industry Association (IARIA)

Kontakt oss | Gi tilbakemelding

Personvernerklæring
DSpace software copyright © 2002-2019  DuraSpace

Levert av  Unit
 

 

Bla i

Hele arkivetDelarkiv og samlingerUtgivelsesdatoForfattereTitlerEmneordDokumenttyperTidsskrifterDenne samlingenUtgivelsesdatoForfattereTitlerEmneordDokumenttyperTidsskrifter

Min side

Logg inn

Statistikk

Besøksstatistikk

Kontakt oss | Gi tilbakemelding

Personvernerklæring
DSpace software copyright © 2002-2019  DuraSpace

Levert av  Unit