Information Security System Rating and Ranking
We believe that the provision of security in systems is a subset of the systems engineering discipline, and that it has a heavy software-engineering component. As software engineers, we understand that the determination and application of measures and metrics is not an exact science, nor is it easily accomplished. We also realize that this difficulty carries over to the trusted systems world. How one measures the degree of protection present is, today, an unsolved question and is primarily accomplished by craftsmanship and not science. This issue of rating and ranking systems in terms of their assurance characteristics was at least partially addressed at a workshop on information security system ratings and ranking in Williamsburg, Va.,2 in spring 2001. We will hereafter refer to this as the workshop, as we reference it in support of our belief.
[1] Gregg Schudel, et al. Adversary work factor as a metric for information assurance, 2001, NSPW '00.
[2] P. S. Tasker, et al. Department of Defense Trusted Computer System Evaluation Criteria, 1985.