Title :
A Critical Survey of Security Indicator Approaches
Author :
Rudolph, Manuel ; Schwarz, Reinhard
Author_Institution :
Fraunhofer Inst. for Exp. Software Eng. (IESE), Kaiserslautern, Germany
Abstract :
To better control IT security in software engineering and IT management, we need to assess security qualities in the different phases of a system´s lifecycle. To this end, various security indicators, measures, and metrics have been proposed by scientists and practitioners, but few have gained general acceptance. We surveyed the current state of the art in qualita-tive and quantitative security measurement to characterize the available measurement strategies, their maturity, and the conceptual or technical obstacles preventing further progress in this field of research. We classified the proposed security indicators with respect to their characteristic properties and derived a classification tree delineating the different security assessment strategies and their derived security measures. Based on this overview, we analyzed the relative merits and deficiencies of current approaches, and we suggested future steps towards better security metrics. This paper summarizes the main results of our survey.
Keywords :
DP management; decision trees; pattern classification; security of data; software metrics; IT management; IT security control; classification tree; qualitative security measurement; quantitative security measurement; security indicators; security metrics; security quality assessment; software engineering; system lifecycle; Classification tree analysis; Current measurement; Security; Software; Standards; Terminology; IT security; IT security assurance; security indicators; security metrics;
Conference_Titel :
Availability, Reliability and Security (ARES), 2012 Seventh International Conference on
Conference_Location :
Prague
Print_ISBN :
978-1-4673-2244-7
DOI :
10.1109/ARES.2012.10
