Title :
CRSTIP -- An Assessment Scheme for Security Assessment Processes
Author :
Molnar, Arthur-Jozsef ; Grossmann, Jurgen
Author_Institution :
Inf. World, Bucharest, Romania
Abstract :
Complex networked systems are an integral part of today´s support infrastructures. Due to their importance, these systems become more and more the target for cyber-attacks, suffering a notable number of security incidents. Also, they are subject to regulation by national and international legislation. An operator of such an infrastructure or system is responsible for ensuring its security and correct functioning in order to satisfy customers. In addition, the entire process of risk and quality control needs to be efficient and manageable. This short paper introduces the Compliance, Risk Assessment and Security Testing Improvement Profiling (CRSTIP) scheme. CRSTIP is an evaluation scheme that enables assessing the maturity of security assessment processes, taking into consideration systematic use of formalisms, integration and tool-support in the areas of compliance assessment, security risk assessment and security testing. The paper describes the elements of the scheme and their application to one of the case studies of the RASEN research project.
Keywords :
computer crime; conformance testing; program testing; risk management; software quality; CRSTIP evaluation scheme; RASEN research project; assessment scheme; complex networked systems; compliance risk assessment and security testing improvement profiling; correct functioning; cyber-attacks; formalisms; international legislation; quality control; security assessment processes maturity; security incidents; tool-support; Documentation; Law; Organizations; Risk management; Security; Systematics; Testing; compliance assessment; risk assessment; security testing;
Conference_Titel :
Software Reliability Engineering Workshops (ISSREW), 2014 IEEE International Symposium on
Conference_Location :
Naples
DOI :
10.1109/ISSREW.2014.16
