Security assurance is the confidence that a system meets its security requirements based on specific evidences that an assurance technique provide. The notion of measuring security is complex and tricky. Existing approaches do not conisder the relevance of the different security requirements to the evaluated application context. Furthermore, they are mostly qualitative in nature and are heavily based on manual processing, which make them costly and time consuming. Therefore, they are not widely used and applied, especially by small and medium-sized enterprises (SME), which constitute the backbone of the Norwegian economy, In this paper, we propose a quantification method that aims at evaluating security assurance of systems by measuring (1) the level of confidence that the mechanisms fulfilling security requirements are present and (2) the vulnerabilities associated with possible security threats are absent. Additionally, an assurance evaluation process is proposed. Two case studies applying our method are presented. The case studies use our assurance method to evaluate the security level of two REST APIs developed by Statistics Norway, where one of the authors is employed. One of the REST APIs is public and the other is private. Analyzes show that the API with the most security mechanisms implemented got a slightly higher security assurance score. This was due to the fact that the vulnerabilities were considered more harmful in one of the cases as the security objectives diverged.
Our world is getting evolved to smart world day by day. This smart world is being developed to make people life easier through the data generated by the smart devices. Data is the fuel that powers the smart world evolution, however, making things smart have its consequences. Smart devices are inherently vulnerable to cyber attacks, that's why we are observing an increase in crimes related to cyber space comparing to physical space. To address these crimes, police of the future need to evolve as well and data will be at the center stage of this evolution. In this contribution we are proposing a data centric policing proposal for smart cities. We analyzed current and developing technologies and the opportunities they offered for smart policing for a smart world.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.