Quantitative security metrics: Unattainable holy grail or a vital breakthrough within our reach?

IEEE Security and Privacy

Volumn 12, Issue 2, 2014, Pages 67-69

  Sanders, William H ^a  

^a UNIVERSITY OF ILLINOIS AT URBANA CHAMPAIGN   (United States)

Author keywords

Computer security; Quantitative security metrics; Risk management; Security metrics; Trustworthy computing

Indexed keywords

SECURITY OF DATA;

PREDICTIVE CAPACITY; SECURITY METRICS; SYSTEM SECURITY; TRUSTWORTHY COMPUTING;

RISK MANAGEMENT;

EID: 84899540969     PISSN: 15407993     EISSN: None     Source Type: Journal    
DOI: 10.1109/MSP.2014.31     Document Type: Article

References (6)

1. Four Grand Challenges in Trustworthy Computing, Computing Research Assoc., 2006; http://archive.cra.org/ reports/trustworthy.computing.pdf.
2. Hard Problem List, InfoSec Research Council, Nov. 2005; www. infosec - research.o rg/doc spublic/20051130-IRC-HPL -FINAL.pdf.
3. President's Information Technology Advisory Committee, Cyber Security: A Crisis of Prioritization, US Nat'l Coordination Office for Information Technology Research and Development, Feb. 2005; www.nitrd.gov/pitac/ reports/20050301cybersecurity/ cybersecurity.pdf.
4. Guide for Assessing the Security Controls in Federal Information Systems and Organizations, NIST Special Publication 800-53A, rev. 1, US Nat'l Inst. of Standards and Technology, June 2010; http://csrc.nist. gov/publications/ nistpubs/800 -53A-rev1/sp800-53A-rev1-final.pdf.
5. ISO/IEC 21827:2008: Information Technology-Security Techniques- Systems Security Engineering-Capability Maturity Model (SSE-CMM), Int'l Org. for Standardization and Int'l Electrotechnical Commission, 16 Oct. 2008.
6. Common Methodology for Information Technology Security Evaluation, ver. 2.3, CCMB-2005-08-004, Common Criteria, Aug. 2005; www.commoncriteriaportal.org/ files/ccfiles/cemv2.3.pdf.