Quality of security metrics and measurements

Computers and Security

Volumn 37, Issue , 2013, Pages 78-90

  Savola, Reijo M ^a  

^a VTT TECHNICAL RESEARCH CENTRE OF FINLAND   (Finland)

Author keywords

Expert opinion survey; Quality of security metrics; Security effectiveness; Security metrics; Security quantification

Indexed keywords

EXPERT OPINION; QUALITY-OF-SECURITY; SECURITY EFFECTIVENESS; SECURITY METRICS; SECURITY QUANTIFICATION;

SECURITY OF DATA;

SURVEYS;

EID: 84878819919     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2013.05.002     Document Type: Article

References (37)

1. A. Atzeni, and A. Lioy Why to adopt a security metric? A little survey 1st Workshop on quality of protection (QoP 2005) Milan, Italy Sep. 2005 1 12
2. R. Axelrod Risk in networked information systems 2003 Gerald R. Ford School of Public Policy, University of Michigan
3. J.L. Bayuk Measuring systems security: an initial security theoretical construct framework Doctoral thesis 2011 Stevens Institute of Technology Hoboken, N.J.
4. R. Böhme, and F.C. Freiling On metrics and measurements I. Eusgeld, F.C. Freiling, R. Reussner, Dependability metrics, LNCS 4909 2008 Springer-Verlag 7 13
5. R. Böhme, and R. Reussner Validation of predictions with measurements I. Eusgeld, F.C. Freiling, R. Reussner, Dependability metrics, LNCS 4909 2008 Springer-Verlag 14 18
6. Building security assurance in open infrastructure, beyond (BUGYO) beyond project www.celticplus.eu/Projects/Celtic-projects/Call5/BUGYO-BEYOND/bugyo- beyond-default.asp May 11, 2013
7. Dependability Benchmarking (DBench) Project (EU IST-2000-25425) K. Kanoun, H. Madeira, Y. Crouzet, M. dal Cin, F. Moreira, and J.-C. Ruiz García DBench dependability benchmarks 2004 235 p
8. N.E. Fenton, and A. Melton Measurement theory and software measurement A. Melton, Software measurement 1996 International Thomson Computer Press 27 38
9. E. Frøkjær, M. Hertzum, and K. Hornbæk Measuring usability: are effectiveness, efficiency, and satisfaction really correlated? ACM conference on human factors in computing systems (CHI '00) The Hague, The Netherlands April 1-6, 2000 345 352
10. Genetic message oriented secure middleware (GEMOM) EU FP7 project cordis.europa.eu May 11, 2013
11. R. Henning Proceedings of workshop on information security system, scoring and ranking - information system security attribute quantification or ordering 2002 ACSA and MITRE, May 2001 Williamsburg, Virginia
12. IEEE Standard 1061-1998 Standard for a software quality metrics methodology 1998 Institute of Electrical and Electronics Engineers Standards Department Piscataway, N.J.
13. Information technology security evaluation criteria (ITSEC), Version 1.2 1991 Commission for the European Communities
14. ISO/IEC 21827:2003 Information technology - systems security engineering - capability maturity model (SSE-CMM) 2003 International Organization for Standardization and the International Electrotechnical Commission
15. ISO/IEC Guide 99:2007 International vocabulary of metrology - basic and general concepts and associated terms (VIM) 2007 International Organization for Standardization and the International Electrotechnical Commission
16. W. Jansen Directions in security metrics research NISTIR 7564 Apr. 2009 U.S. National Institute of Standards and Technology 21 p
17. A. Jaquith Security metrics - replacing fear, uncertainty and doubt 2007 Addison-Wesley 306
18. A. Jaquith Proving your worth - follow these steps to create a successful security metrics program Information Security 12 2 March 2010 29 33
19. G. Jelen SSE-CMM security metrics NIST and CSSPAB workshop Washington, D.C. Jun. 13-14, 2000
20. J.A. Jones An introduction to factor analysis of information risk (FAIR) Risk management insight 2005
21. C. Kaner, and W.P. Bond Software engineering metrics: what do they measure and how do we know? 10th International software metrics symposium, Chicago Sept. 2004
22. M.G. Kendall, and B. Babington Smith The problem of m rankings The Annals of Mathematical Statistics 10 3 1939 275 287
23. J.B. MacQueen Some methods for classification and analysis of multivariate observations Berkeley symposium on mathematical statistics and probability vol. 5 1967 University of California Press 281 297
24. Managing assurance, security and trust for sERvices (MASTER) EU FP7 project cordis.europa.eu May 11, 2013
25. J.P. Pironti Developing metrics for effective information security governance Information Systems Control Journal 2 2007
26. D. Rathbun Gathering security metrics and reaping the rewards Oct. 7, 2009 SANS Institute Information Security Reading Room 21 p.
27. V. Rouhiainen The quality assessment of safety analysis Doctoral thesis 1990 VTT Technical Research Centre of Finland Espoo, Finland
28. R. Savola A security metrics taxonomization model for software-intensive systems Journal of Information Processing Systems 5 4 Dec. 2009 197 206
29. R. Savola, and P. Heinonen A visualization and modeling tool for security metrics and measurements management Proceedings of the 2011 information security for South Africa (ISSA 2011) conference Johannesburg, South Africa Aug. 15-17, 2011 8 p.
30. R. Savola, C. Frühwirth, and A. Pietikäinen Risk-driven security metrics in agile software development - an industrial pilot study Journal of Universal Computer Science 18 12 Sept. 2012 1679 1702
31. R. Savola On the feasibility of utilizing security metrics in software-intensive systems International Journal of Computer Science and Network Security 10 1 Jan. 2010 230 239
32. S.E. Schechter Computer security strength & risk: a quantitative approach PhD thesis May 2004 Harvard University Cambridge, Massachusetts
33. Smart objects for intelligent applications (SOFIA) ARTEMIS project cordis.europa.eu May 11, 2013
34. V. Verendel Some problems in quantified security Licentiate thesis 2010 Chalmers University of Technology Gothenburg, Sweden
35. D. Westen, and R. Rosenthal Quantifying construct validity: two simple measures Journal of Personality and Social Psychology 84 3 2003 608 618
36. J.R. Williams, and G.F. Jelen A framework for reasoning about assurance 1998 Arca Systems, Inc 43
37. www.securitymetrics.org; May 11, 2013.