Title :
A framework for system security assessment
Author :
Hallberg, Jonas ; Hunstad, Amund ; Peterson, Mikael
Abstract :
Security assessment is a central ability in the striving for adequate levels of IT security in information systems and networks. In this paper, the issue of system-wide IT security assessment is addressed. The results include a framework for IT security assessment addressing the need to include the influence of system structure in assessments. The purpose of the framework is twofold, to support the development of system security assessment methods and to enable the categorization of existing methods. Moreover, as an example of a possible approach to system security assessment, the CAESAR method is presented. CAESAR enables the calculation of scalar overall system security values as well as system-dependent security values for technical system entities.
Keywords :
information networks; information systems; security of data; CAESAR method; IT security; information networks; information systems; scalar overall system security values; security metrics; system security assessment; system structure; system-dependent security values; Art; Availability; Conferences; Data security; Information security; Mechanical factors; Power system modeling; Power system security; Predictive models;
Conference_Titel :
Information Assurance Workshop, 2005. IAW '05. Proceedings from the Sixth Annual IEEE SMC
Print_ISBN :
0-7803-9290-6
DOI :
10.1109/IAW.2005.1495956
