Security compliance: The next frontier in security research

Proceedings New Security Paradigms Workshop

Volumn , Issue , 2009, Pages 71-74

  Julisch, Klaus ^a  

^a IBM RESEARCH ZURICH   (Switzerland)

Author keywords

Compliance; Economics; Security

Indexed keywords

COMPLIANCE; IT SECURITY; MARKET PLACE; NEW DIRECTIONS; PRACTICAL SOLUTIONS; REAL-WORLD; RESEARCH CHALLENGES; SECURITY COMPLIANCE; SECURITY REQUIREMENTS; SECURITY RESEARCH; SECURITY THREATS;

SECURITY SYSTEMS; TECHNICAL PRESENTATIONS;

RESEARCH;

EID: 77950592910     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1595676.1595687     Document Type: Conference Paper

References (18)

1. E. Spafford, Solving some of the Wrong Problems, CERIAS Weblogs, 2007.
2. N. Eppel, Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security, on http://www.securityabsurdity.com/, 2007.
3. B. Schneier, Testimony and Statement for the Record of Bruce Schneier, on http://www.iwar.org.uk, 2001.
4. Anonymous, Trusted Computer System Evaluation Criteria, Department of Defense , on http://csrc.nist.gov/publications/history/dod85.pdf, 1985.
5. Anonymous, Information Technology Security Evaluation Criteria (ITSEC), Department of Trade and Industry, London, 1991.
6. Common Criteria, Part 1-3 on http://www.commoncriteriaportal.org/.
7. W. Sturgeon, Jail or compliance? You decide, Directors Told, on http://www.silicon.com, 2005.
8. B. Littlewood , S. Brocklehurst, N. Fenton, P. Mellor, S. Page, and D. Wright, Towards Operational Measures of Computer Security, Journal of Computer Security, 1993, pages 211-229.
9. R. Ortalo, Y. Deswarte, and M. Kaaniche, Experiments with Quantitative Evaluation Tools for Monitoring Operational Security, IEEE Transactions on Software Engineering, 25(5), 1999, pages 633-650.
10. E. Jonsson, An Integrated Framework for Security and Dependability, Proceedings of the 1998 Workshop on New security Paradigms, 1998, pages 22-29.
11. M. Howard, J. Pincus, and J.M. Wright, Measuring Relative Attack Surfaces, Proceedings of Workshop on Advanced Developments in Software and Systems Security, 2003.
12. D.S. Herrmann, Complete Guide to Security and Privacy Metrics, Auerbach Publications, 2007.
13. NISP SP 800-55, Security Metrics Guide for Information Technology Systems, National Institute of Standards and Technology, 2003.
14. The European Parliament, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal of the European Communities, 1995 No L. 281 page 31.
15. C. Giblin, A.Y. Liu, S. Mueller, B. Pfitzmann, and X Zhou, Regulations Expressed As Logical Models (REALM), Legal Knowledge and Information Systems, 2005, pages 37-48.
16. M. Waidner, Building Trust in Computing - Enterprise Security Perspective, IST Conference, 2004, The Hague.
17. J. Poritz, M. Schunter, E.V. Herreweghen, and M. Waidner, Property Attestation - Scalable and Privacy-Friendly Security Assessment of Peer Computers, IBM Research Report No. 99559, 2004.
18. R. Kanneganti and P. Chodavarapu, SOA Security, Manning, 2008.