Towards a security metrics taxonomy for the information and communication technology industry

2nd International Conference on Software Engineering Advances - ICSEA 2007

Volumn , Issue , 2007, Pages 60-66

  Savola, Reijo ^a  

^a VTT TECHNICAL RESEARCH CENTRE OF FINLAND   (Finland)

Author keywords

Information security; Security metrics; Taxonomy

Indexed keywords

BRIDGES; INDUSTRIAL MANAGEMENT; SECURITY OF DATA; SOFTWARE ENGINEERING; SURVEYS;

ABSTRACTION LEVEL; FUTURE RESEARCH DIRECTIONS; ICT PRODUCTS; INFORMATION AND COMMUNICATION TECHNOLOGY INDUSTRY; INFORMATION SECURITY MANAGEMENTS; SECURITY ENGINEERING; SECURITY MANAGEMENT; SECURITY METRICS;

TAXONOMIES;

EID: 47849102178     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ICSEA.2007.79     Document Type: Conference Paper

References (32)

1. J. I. Alger, On Assurance, Measures, and Metrics: Definitions and Approaches. Proc. of Workshop on Information Security System Scoring and Ranking (WISSSR), ACSA and MITRE, Williamsburg, Virginia, May, 2001, proceedings published 2002.
2. ANSI/ISA-TR99.00.01-2004: Security Technologies for Manufacturing and Control Systems Standards. American National Standards Institute, Washington, D.C., 2004.
3. A. Avižienis, J.-C. Laprie, B. Randell and C. Landwehr, Basic Concepts and Taxonomy of Dependable and Secure Computing. IEEE Trans. on Dependable and Secure Computing. Vol. 1, No. 1. Jan/Mar, 2004
4. V. R. Basili and D. M. Weiss, A Methodology for Collecting Valid Software Engineering Data. IEEE Transactions on Software Engineering, SE-10(6):728-738, November 1984.
5. S. M. Bellovin, On the Brittleness of Software and the Infeasibility of Security Metrics. IEEE Security & Privacy, Jul/Aug, p. 96, 2006
6. P. E. Black, SAMATE's Contribution to Information Assurance. IAnewsletter, Vol. 9, No. 2, 2006.
7. P. Burris, C. King, C., A Few Good Security Metrics. METAGroup, Inc., Oct., 2000.
8. Canadian System Security Centre: The Canadian Trusted Computer Product Evaluation Criteria, Version 3.0e, January 1993, 233 p.
9. rd Int. Conf. Communication Network and Information Security (CNIS 2006), Cambridge, MA, 2006, pp. 156-164.
10. FIPS Publication 199, Standards for Security Categorization of Federal Information and Information Systems. Federal Information Processing Standards Publication, 2004.
11. R. Henning et al., Proceedings of Workshop on Information Security System, Scoring and Ranking - Information System Security Attribute Quantification or Ordering (Commonly but improperly known as "Security Metrics"), ACSA and MITRE, Williamsburg, Virginia, May, 2001, proceedings published 2002.
12. G. Jelen, SSE-CMM Security Metrics. NIST and CSSPAB Workshop, Washington, D.C., June 2000.
13. I3P. Institute for Information Infrastructure Protection, www.thei3p.org.
14. Information Security Forum (ISF). www.securityforum.org.
15. Information Security Forum (ISF): The Standard of Good Practice (SOGP). http://www.isfsecuritystandard.com/index_ns.htm, 2005.
16. Information Technology Security Evaluation Criteria (ITSEC) Version 1.2, Commission for the European Communities, 1991.
17. ISO/IEC 9126-1:2001. Software Engineering - Product Quality - Part 1: Quality Model. International Organization of Standardization, 2001.
18. ISO/IEC 15408-1:2005. Common Criteria for Information Technology Security Evaluation - Part 1: Introduction and General Model. International Organization of Standardization, 2005.
19. ISO/IEC 17799:2005. Information Technology - Security Techniques Code of Practice for Information Security Management. International Organization of Standardization, 2005.
20. E. B. Lennon (Ed.), IT Security Metrics. ITL Bulletin, August 2003. National Institute of Standards and Technology, 2003.
21. S. C Payne, A Guide to Security Metrics. SANS Institute Information Security Reading Room, June 2006.
22. R. Ross, A. Johnson, S. Katzke, P. Toth, G. Rogers, Guide for Assessing the Security Controls in Federal Information Systems. National Institute of Standards and Technology Special Publication 800-53A, 2006.
23. A. Sademies, Process Approach to Information Security Metrics in Finnish Industry and State Institutions. VTT Publications 544. 89 p. + app. 2 p., 2004.
24. nd Annual Conference on Privacy, Security and Trust (PST 2004), Fredericton, NB, Oct., 2004.
25. M. Stoddard et al., Process Control System Security Metrics - State of Practice. I3P Institute for Information Infrastructure Protection Research Report No. 1, Aug., 2005.
26. M. Swanson, Security Self-Assessment Guide for Information Technology Systems. National Institute of Standards and Technology Special Publication 800-26, Nov., 2001.
27. M. Swanson, N. Bartol, J. Sabato, J. Hash, L. Graffo, Security Metrics Guide for Information Technology Systems. National Institute of Standards and Technology Special Publication 800-55, Jul., 2003.
28. United States Department of Defense: Trusted Computer System Evaluation Criteria (TCSEC) "Orange Book", DoD Standard, DoD 5200.28-std, 1985.
29. United States National Computer Security Center: Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria Version 1;NCSC-TG-005, 1987.
30. United States National Institute for Standards and Technology and National Security Agency, Federal Criteria for Information Technology Security - Draft Version 1.0, Jan. 1993, 2 volumes.
31. th Hawaii International Conference on System Sciences (HICSS 03), 2003.
32. B. S. Yee, Security Metrology and the Monty Hall Problem. Proc. of Workshop on Information Security System Scoring and Ranking (WISSSR), ACSA and MITRE, Williamsburg, Virginia, May, 2001, proceedings published 2002.