论文信息 - On System Security Metrics and the Definition Approaches

On System Security Metrics and the Definition Approaches

In this survey paper, we assess existing approaches to security metric definition. We classify proposed definitions and discuss their advantages and problems. We argue that without a more restrictive definition, the apparently common term degenerates to a mere buzzword, which can be dangerous in terms of suggested comparability. We conclude with some guidelines on IS metric definition and sketch an alternative concept for the operational IS security evaluation.

Artur Hecker | A. Hecker

[1] Stephen F. Bush,et al. Information assurance through Kolmogorov complexity , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[2] Marianne Swanson,et al. Security metrics guide for information technology systems , 2003 .

[3] Ioannis Lambadaris,et al. Current Trends and Advances in Information Assurance Metrics , 2004, Conference on Privacy, Security and Trust.

[4] Steven M. Bellovin. On the Brittleness of Software and the Infeasibility of Security Metrics , 2006, IEEE Security & Privacy Magazine.

[5] A. Zuccato,et al. Service oriented modeling of communication infastructure for assurance , 2006, 2006 IEEE Information Assurance Workshop.

[6] Rayford B. Vaughn,et al. Information assurance measures and metrics - state of practice and proposed taxonomy , 2003, 36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the.

[7] Jim Goldman,et al. Metrics based security assessment (MBSA): combining the ISO 17799 standard with the systems security engineering capability maturity model (SSE-CMM) , 2004 .

[8] Karen A. Scarfone,et al. A Complete Guide to the Common Vulnerability Scoring System Version 2.0 | NIST , 2007 .