An InputaOutput Measurable Design for the Security Meter Model to Quantify and Manage Software Security Risk

The need for information security is self-evident. The pervasiveness of this critical topic requires primarily risk assessment and management through quantitative means. To do an assessment, repeated security probes, surveys, and input data measurements must be taken and verified toward the goal of...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on instrumentation and measurement 2008-01, Vol.57 (6)
Main Author: Sahinoglu, M
Format: Article
Language:English
Subjects:
Computer information security
Computer simulation
Instrumentation
Measuring instruments
Meters
Monte Carlo methods
Risk
Security
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The need for information security is self-evident. The pervasiveness of this critical topic requires primarily risk assessment and management through quantitative means. To do an assessment, repeated security probes, surveys, and input data measurements must be taken and verified toward the goal of risk mitigation. One can evaluate risk using a probabilistically accurate statistical estimation scheme in a quantitative security meter (SM) model that mimics the events of the breach of security. An empirical study is presented and verified by discrete-event and Monte Carlo simulations. The design improves as more data are collected and updated. Practical aspects of the SM are presented with a real-world example and a risk-management scenario.
ISSN:0018-9456
DOI:10.1109/TIM.2007.915139