Reijo Savola scite author profile

The lack of appropriate information security solutions in software-intensive systems can have serious consequences for businesses and the stakeholders. Carefully designed security metrics can be used to offer evidence of the security behavior of the system under development or operation. This study investigates holistic development of security metrics for a distributed messaging system based on threat analysis, security requirements, decomposition and use case information. Our approach is thus requirement-centric. The high-level security requirements are expressed in terms of lower-level measurable components applying a decomposition approach.

show abstract

Towards a taxonomy for information security metrics

Savola

2007

View full text Add to dashboard Cite

Quality of security metrics and measurements

Savola

2013

Computers & Security

View full text Add to dashboard Cite

Towards a Security Metrics Taxonomy for the Information and Communication Technology Industry

Savola

2007

View full text Add to dashboard Cite

A Security Metrics Taxonomization Model for Software-Intensive Systems

Savola¹

2009

Journal of Information Processing Systems

View full text Add to dashboard Cite

Abstract:We introduce a novel high-level security metrics objective taxonomization model for software-intensive systems. The model systematizes and organizes security metrics development activities. It focuses on the security level and security performance of technical systems while taking into account the alignment of metrics objectives with different business and other management goals. The model emphasizes the roles of security-enforcing mechanisms, the overall security quality of the system under investigation, and secure system lifecycle, project and business management. Security correctness, effectiveness and efficiency are seen as the fundamental measurement objectives, determining the directions for more detailed security metrics development. Integration of the proposed model with riskdriven security metrics development approaches is also discussed.

show abstract

A visualization and modeling tool for security metrics and measurements management

Savola

Heinonen

2011

View full text Add to dashboard Cite

Abstract-Sufficient and credible information security measurement in software-intensive systems requires use of a variety of security metrics offering security-related evidence from different viewpoints. Visualization is needed to facilitate management of security metrics and measurements and to increase the meaningfulness of them in decision-making such as security assurance and risk management. We introduce a novel visualization and modeling tool for hierarchical specification and deployment of security metrics and measurements. The tool connects high-level risk-driven security objectives with detailed measurements and evidence gathering. The tool facilitates the management of a large number of metrics and measurements without losing appropriate granularity that is crucial for informed security decision-making.

show abstract

Senior Executives Commitment to Information Security – from Motivation to Responsibility

Kajava

Anttila²,

Varonen

et al. 2007

View full text Add to dashboard Cite

Metrics-driven security objective decomposition for an e-health application with adaptive security management

Savola

Abie

2013

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Reijo Savola

Identification of Basic Measurable Security Components for a Distributed Messaging System

Towards a taxonomy for information security metrics

Quality of security metrics and measurements

Towards a Security Metrics Taxonomy for the Information and Communication Technology Industry

A Security Metrics Taxonomization Model for Software-Intensive Systems

A visualization and modeling tool for security metrics and measurements management

Senior Executives Commitment to Information Security – from Motivation to Responsibility

Metrics-driven security objective decomposition for an e-health application with adaptive security management

Contact Info

Product

Resources

About