• DocumentCode
    1086090
  • Title
    An Input–Output Measurable Design for the Security Meter Model to Quantify and Manage Software Security Risk
  • Author
    Sahinoglu, Mehmet
  • Author_Institution
    Dept. of Comput. Sci., Troy Univ., Montgomery, AL
  • Volume
    57
  • Issue
    6
  • fYear
    2008
  • fDate
    6/1/2008 12:00:00 AM
  • Firstpage
    1251
  • Lastpage
    1260
  • Abstract
    The need for information security is self-evident. The pervasiveness of this critical topic requires primarily risk assessment and management through quantitative means. To do an assessment, repeated security probes, surveys, and input data measurements must be taken and verified toward the goal of risk mitigation. One can evaluate risk using a probabilistically accurate statistical estimation scheme in a quantitative security meter (SM) model that mimics the events of the breach of security. An empirical study is presented and verified by discrete-event and Monte Carlo simulations. The design improves as more data are collected and updated. Practical aspects of the SM are presented with a real-world example and a risk-management scenario.
  • Keywords
    Monte Carlo methods; discrete event simulation; risk management; security of data; Monte Carlo simulations; discrete-event simulations; information security; input-output measurable design; quantitative security meter model; risk assessment; risk management; software security risk; Assessment; cost; countermeasure; data; management; probability; quantity; reliability; risk; security; simulation; statistics; threat; vulnerability;
  • fLanguage
    English
  • Journal_Title
    Instrumentation and Measurement, IEEE Transactions on
  • Publisher
    ieee
  • ISSN
    0018-9456
  • Type
    jour
  • DOI
    10.1109/TIM.2007.915139
  • Filename
    4459375