DocumentCode
2764035
Title
Evaluating security products based on appropriate usage
Author
Phatak, Vikram ; Moy, Rick
fYear
2011
fDate
18-19 Oct. 2011
Firstpage
27
Lastpage
33
Abstract
Information security products have evolved rapidly over the last decade. However, the science of evaluating products has virtually stood still during that same time period, creating a knowledge gap that has made it difficult for information security buyers to determine whether or not a product meets specific security and/or compliance needs. This paper discusses a new method for evaluating technology products based upon the appropriateness within the context that they will be deployed. By applying a Use Case-based methodology, information security professionals can more clearly identify detailed protection requirements for a given environment. Two examples are given: (1) Use Cases can clarify different application security requirements between retail storefronts and back-end e-commerce datacenters; and (2) Use Cases allow the assessment of anti-malware products based on the relative importance of different malware attack vectors to the endpoints being protected.
Keywords
computer centres; electronic commerce; invasive software; retail data processing; antimalware product assessment; appropriate usage; back-end e-commerce datacenters; information security buyers; information security products; information security professionals; knowledge gap; malware attack vectors; protection requirements; retail storefronts; security product evaluation; security requirements; technology product evaluation method; use case-based methodology; Decision support systems; Information security; Servers; Software; Testing; Vectors;
fLanguage
English
Publisher
ieee
Conference_Titel
Malicious and Unwanted Software (MALWARE), 2011 6th International Conference on
Conference_Location
Fajardo
Print_ISBN
978-1-4673-0031-5
Type
conf
DOI
10.1109/MALWARE.2011.6112323
Filename
6112323