Handling and reporting security advisories: A scorecard approach

IEEE Security and Privacy

Volumn 3, Issue 4, 2005, Pages 32-41

  Lekkas, Dimitrios ^a   Spinellis, Diomidis ^b  

^a UNIVERSITY OF THE AEGEAN   (Greece)

^b ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS   (Greece)

Author keywords

[No Author keywords available]

Indexed keywords

GOAL-QUESTION-METRIC APPROACH; METRICS; SECURITY ADVISORIES; VULNERABILITY;

DATA PRIVACY; INFORMATION ANALYSIS; RISK ASSESSMENT;

SECURITY OF DATA;

EID: 24344470236     PISSN: 15407993     EISSN: None     Source Type: Journal    
DOI: 10.1109/MSP.2005.98     Document Type: Review

References (13)

1. W. Arbaugh, W. Fithen, and J. McHugh, "Windows of Vulnerability: A Case Study Analysis," Computer, vol. 33, no. 12, 2000, pp. 52-59.
2. S. Mash, "Risk Assessment for Dummies," Computer Fraud & Security, vol. 2002, no. 12, 2002, pp. 11-13.
3. L. McGhie, "Software Patch Management - The New Frontier," Secure Business Quarterly, vol. 3, no. 2, 2003.
4. S. Gritzalis, "Information Systems Security in Distributed Environments," doctoral dissertation, Dept. of Informatics, Nat'l and Kapodistrian Univ. of Athens, 1998.
5. U. Lindqvist and E. Jonsson, "How to Systematically Classify Computer Security Intrusions," Proc. 1997 IEEE Symp. Security & Privacy, IEEE CS Press, 1997, pp. 154-163.
6. J. Howard and T. Longstaff, A Common Language for Computer Security Incidents, report no. SAND98-8667, Sandia Int'l Labs, 1998.
7. S. Katsikas, "Risk Management of Information Systems," Information Security: Technical, Legal, and Social Issues, E. Kiountouzis, ed., EPY Athens, 1995.
8. H. Venter and J. Eloff, "A Taxonomy for Information Security Technologies," Computers & Security, vol. 22, no. 4, 2003, pp. 299-307.
9. M. Laakso, "Introducing Constructive Vulnerability Disclosures," Proc. 13th FIRST Conf. Computer Security Incident Handling & Response, 2001.
10. R. Baskerville, "Risk Analysis: An Interpretative Feasibility Tool in Justifying Information Systems Security," European J. Information Systems, vol. 1, no. 2, 1991, pp. 121-130.
11. V.R. Basili, G. Caldiera, and D. Rombach, "The Goal Question Metric Approach," Encyclopedia of Software Engineering, vol. 2, John Wiley & Sons, 1994, pp. 528-532.
12. L. Buglione and A. Abran, "Balanced Scorecards and GQM: What Are the Differences?" Proc. 3rd European FESMA-AEMES Software Measurement Conf, 2000.
13. M. Bishop, "Trends in Academic Research: Vulnerabilities Analysis and Intrusion Detection," Computers & Security, vol. 21, no.7, 2002, pp. 609-612.