{"title":"A framework for system security assessment","authors":"J. Hallberg, A. Hunstad, M. Peterson","doi":"10.1109/IAW.2005.1495956","DOIUrl":null,"url":null,"abstract":"Security assessment is a central ability in the striving for adequate levels of IT security in information systems and networks. In this paper, the issue of system-wide IT security assessment is addressed. The results include a framework for IT security assessment addressing the need to include the influence of system structure in assessments. The purpose of the framework is twofold, to support the development of system security assessment methods and to enable the categorization of existing methods. Moreover, as an example of a possible approach to system security assessment, the CAESAR method is presented. CAESAR enables the calculation of scalar overall system security values as well as system-dependent security values for technical system entities.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"144 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"27","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IAW.2005.1495956","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 27
Abstract
Security assessment is a central ability in the striving for adequate levels of IT security in information systems and networks. In this paper, the issue of system-wide IT security assessment is addressed. The results include a framework for IT security assessment addressing the need to include the influence of system structure in assessments. The purpose of the framework is twofold, to support the development of system security assessment methods and to enable the categorization of existing methods. Moreover, as an example of a possible approach to system security assessment, the CAESAR method is presented. CAESAR enables the calculation of scalar overall system security values as well as system-dependent security values for technical system entities.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
