Security Objectives within a Security Testing Case Study

Abstract

Obviously, there is a need for automated information security analysis, validation, evaluation and testing approaches. Unfortunately, there is no state-of-the-art approach to carrying out information security evaluation in a systematic way. Information security evaluation of software-intensive and telecommunications systems typically relies heavily on the experience of security professionals. Requirements are the focus of the information security evaluation process. Information security requirements can be based on iterative risk, threat and vulnerability analyses, and on technical and architectural information. There is a need for more practical ways to carry out this iterative process. In this paper we discuss the security evaluation process, security objectives and security requirements on the basis of the experiences of a security testing project.

DOI: 10.1109/ARES.2007.136


Second International Conference on Availability, Reliability and Security

  • 2007
