Article code: 455993
Journal code: 695619
Publication year: 2013
English article: 13-page PDF
Full-text version: Free download
English title of the ISI article
Quality of security metrics and measurements
Related topics
Engineering and Basic Sciences; Computer Engineering; Computer Networks and Communications
English abstract


• The results for prioritization of security metrics quality criteria are presented.
• A conceptual security metrics quality criteria model is proposed.
• The results derive from a security metrics expert study and an interview study.
• Correctness, measurability, and meaningfulness are the foundational criteria.
• In addition to the foundational criteria, usability should be emphasized.

Quantification of information security can be used to obtain evidence to support decision-making about the security performance of software systems. Knowledge about the relational importance of the main quality criteria of security metrics can help build security metrology models based on practical needs. This paper presents the results of a quantitative security metrics expert survey of 141 respondents, and an associated interview study, regarding the prioritization of 19 quality criteria of security metrics identified in the literature. The interviews were used to validate the survey results and to obtain further information on the findings. The results identified three foundational quality criteria of security metrics: correctness, measurability, and meaningfulness. These criteria form the basis for credibility and sufficiency for security metrics and associated measurements. Moreover, usability was seen as an important criterion. The paper analyzes the foundational and related quality criteria and proposes a model of them.

Publisher
Database: Elsevier - ScienceDirect
Journal: Computers & Security - Volume 37, September 2013, Pages 78–90