A visualization and modeling tool for security metrics and measurements management

2011 Information Security for South Africa - Proceedings of the ISSA 2011 Conference

Volumn , Issue , 2011, Pages

  Savola, Reijo M ^a   Heinonen, Petri ^a  

^a VTT TECHNICAL RESEARCH CENTRE OF FINLAND   (Finland)

Author keywords

risk management; security assurance; security metrics; visualization

Indexed keywords

INFORMATION-SECURITY MEASUREMENT; MODELING TOOL; SECURITY ASSURANCE; SECURITY METRICS; SECURITY OBJECTIVES; SOFTWARE INTENSIVE SYSTEMS;

DECISION MAKING; INFORMATION MANAGEMENT; MEASUREMENTS; RISK MANAGEMENT; VISUALIZATION;

SECURITY OF DATA;

EID: 80053954598     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ISSA.2011.6027518     Document Type: Conference Paper

References (33)

1. R. Savola and P. Heinonen, "Security-measurability-enhancing mechanisms for a distributed adaptive security monitoring system", SECURWARE '10, Venice/Mestre, Italy, Jul. 18-25, 2010, pp. 25-34.
2. R. Savola, "A security metrics taxonomization model for software-intensive systems," Journal of Information Processing Systems, Vol. 5, No. 4, Dec. 2009, pp. 197-206.
3. R. Savola, H. Pentikäinen and M. Ouedraogo, "Towards security effectiveness measurement utilizing risk-based security assurance, "Proceedings of the 2010 Information Security for South Africa (ISSA 2010) Conference, August 2-4, 2010, Sandton, South Africa, 8 p.
4. R. Savola, "A taxonomical approach for information security metrics development," NORDSEC '07, 2007.
5. ISO/IEC 27000:2009: Information technology - Security techniques - Information security management systems - Overview and vocabulary. ISO/IEC, 2009.
6. Information Technology Security Evaluation Criteria (ITSEC), Version 1.2, Commission for the European Communities, 1991.
7. R. Savola, "On the feasibility of utilizing security metrics in software-intensive systems," International Journal of Computer Science and Network Security, Vol. 10, No. 1, Jan. 2010, pp. 230-239.
8. D. S. Herrmann, "Complete guide to security and privacy metrics - measuring regulatory compliance, operational resilience and ROI,"Auerbach Publications, 2007, 824 p.
9. A. Jaquith, "Security metrics: replacing fear, uncertainty and doubt,"Addison-Wesley, 2007.
10. N. Bartol, B. Bates, K.M. Goertzel, and T. Winograd, "Measuring cyber security and information assurance: a state-of-the-art report,"Information Assurance Technology Analysis Center IATAC, May 2009.
11. V. Verendel, "Quantified security is a weak hypothesis: a critical survey of results and assumptions," New Security Paradigms Workshop, Oxford, U.K., 2009, pp. 37-50.
12. R. Savola, "A novel security metrics taxonomy for R&D organisations,"ISSA '08, 2008, pp. 379-390.
13. nd Ed. Morgan Kaufmann Publishers, San Francsico, CA, 580 p.
14. S.K. Card, J.D. Mackinlay and B. Shneiderman, "Readings in information visualization: using vision to think", Morgan Kaufmann Publishers, San Francisco, CA, 686 p.
15. G. McGraw, "Software security - building security in," Addison-Wesley, 2006.
16. M. Howard and D. LeBlanc, "Writing secure code," Microsoft, 2003.
17. R. Savola and H. Abie, "Development of measurable security for a distributed messaging system," International Journal on Advances in Security, Vol. 2, No. 4, 2009, pp. 358-380 (March 2010).
18. R. Savola and H. Abie, "Identification of basic measurable security components for a distributed messaging system," SECURWARE '09, Athens/Glyfada, Greece, Jun. 18-23, 2009, pp. 121-128.
19. th National Information Systems Security Conference, Baltimore, MD, Oct. 1997, pp. 522-533.
20. E.H. Chi, "A taxonomy of visualization techniques using the data state reference model", IEEE Symposium on Information Visualization 2000, Oct. 9-10, 2000, Salt Lake City, UT.
21. R.T. Fielding and R.N. Taylor, "Principled design of the modern web architecture", ACM Transactions on Internet Technology, 2 (2): 115-150.
22. T. Kanstrén and R. Savola, "Definition of core requirements and a reference architecture for a dependable, secure and adaptive distributed monitoring framework", DEPEND '10, Venice/Mestre, Italy, Jul. 18-25, 2010, pp. 154-163.
23. T. Kanstrén, R. Savola, A. Evesti, H. Pentikäinen, A. Hecker, M. Ouedraogo, K. Hätönen, P. Halonen, C. Blad, O. López and S. Ros, "Towards an abstraction layer for security assurance measurements (Invited Paper)", Proc. of ECSA '10: Companion Volume, pp. 189-196.
24. W.E. Burr et al., "Electronic authentication guideline," National Institute of Standards and Technology, U.S. Department of Commerce, NIST Special Publication 800-63-1, Draft, Dec. 8, 2008, 97 p.
25. SecViz - Security Visualization. http://www.secviz.org/node/89 [Accessed: April 29, 2011].
26. Slax - Your Pocket Operating System. http://www.slax.org [Accessed: April 29, 2011].
27. J. Kuusijärvi, "Interactive visualization of quality variability at runtime", VTT Technical Research Centre of Finland, VTT Publications 746, 111 p.
28. J. McPherson, K.-L. Ma, P. Krystosk, T. Bartoletti and M. Christensen, "PortVis: A tool for port-based detection of security events", VizSEC/DMSEC '04, Oct. 29, 2004, Washington, D.C., pp. 73-81.
29. H. Koike and K. Ohno, "SnortView: Visualization system of snort logs", VizSEC/DMSEC '04, Oct. 29, 2004, Washington D.C., pp. 143-147.
30. R. Marty, "Applied security visualization", Addison-Wesley, 2008, 552 p.
31. Q. Wang, W. Wang, R. Brown, K. Driesen, B. Dufour, L. Hendren and C. Verbrugge, "Evolve: an open extensible software visualization framework", SoftVis '03, June 11-13, 2003, San Diego, CA.
32. J. Heer, S.K. Card and J.A. Landay, "Prefuse: A toolkit for interactive information visualization", CHI '05, April 2-7, 2005, Portland, OR, pp. 421-430.
33. W. de Pauw, H. Andrade and L. Amini, "Streamsight: A visualization tool for large-scale streaming applications", SoftVis '08, Sept. 16-17, 2008, Ammersee, Germany, pp. 125-134.