Title :
An Input–Output Measurable Design for the Security Meter Model to Quantify and Manage Software Security Risk
Author :
Sahinoglu, Mehmet
Author_Institution :
Dept. of Comput. Sci., Troy Univ., Montgomery, AL
fDate :
6/1/2008 12:00:00 AM
Abstract :
The need for information security is self-evident. The pervasiveness of this critical topic requires primarily risk assessment and management through quantitative means. To do an assessment, repeated security probes, surveys, and input data measurements must be taken and verified toward the goal of risk mitigation. One can evaluate risk using a probabilistically accurate statistical estimation scheme in a quantitative security meter (SM) model that mimics the events of the breach of security. An empirical study is presented and verified by discrete-event and Monte Carlo simulations. The design improves as more data are collected and updated. Practical aspects of the SM are presented with a real-world example and a risk-management scenario.
Keywords :
Monte Carlo methods; discrete event simulation; risk management; security of data; Monte Carlo simulations; discrete-event simulations; information security; input-output measurable design; quantitative security meter model; risk assessment; risk management; software security risk; Assessment; cost; countermeasure; data; management; probability; quantity; reliability; risk; security; simulation; statistics; threat; vulnerability;
Journal_Title :
Instrumentation and Measurement, IEEE Transactions on
DOI :
10.1109/TIM.2007.915139
