Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Option Based Evaluation: Security Evaluation of IT Products Based on Options Theory
KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektronik- och datorsystem, ECS.
KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektronik- och datorsystem, ECS.ORCID-id: 0000-0003-0565-9376
2009 (Engelska)Ingår i: IEEE  ECBS-EERC 2009, New York: IEEE , 2009, 134-141 s.Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

Reliability of IT systems and infrastructure is a critical need for organizations to trust their business processes. This makes security evaluation of IT systems a prime concern for these organizations. Common Criteria is an elaborate, globally accepted security evaluation process that fulfills this need. However CC rigidly follows the initial specification and security threats and takes too long to evaluate and as such is also very expensive. Rapid development in technology and with it the new security threats further aggravates the long evaluation time problem of CC to the extent that by the time a CC evaluation is done, it may no longer be valid because new security threats have emerged that have not been factored in. To address these problems, we propose a novel Option Based Evaluation methodology for security of IT systems that can also be considered as an enhancement to the CC process. The objective is to address uncertainty issues in IT environment and speed up the slow CC based evaluation processes. OBE will follow incremental evaluation model and address the following main concerns based on options theory i.e. i) managing dynamic security requirement with mid-course decision management ii) devising evaluation as an improvement process iii) reducing cost and time for evaluation of an IT product.

Ort, förlag, år, upplaga, sidor
New York: IEEE , 2009. 134-141 s.
Nationell ämneskategori
Data- och informationsvetenskap
Identifikatorer
URN: urn:nbn:se:kth:diva-11204DOI: 10.1109/ECBS-EERC.2009.27ISI: 000274849200019Scopus ID: 2-s2.0-74349107955ISBN: 978-1-4244-4677-3 (tryckt)OAI: oai:DiVA.org:kth-11204DiVA: diva2:241484
Konferens
1st IEEE Eastern European Conference on the Engineering of Computer Based Systems Univ Novi Sad, Fac Tech Sci, Dept Comp Engn & Comp Commun, Novi Sad, SERBIA, SEP 07-08, 2009
Anmärkning
QC 20110218Tillgänglig från: 2009-10-03 Skapad: 2009-10-03 Senast uppdaterad: 2011-03-01Bibliografiskt granskad

Open Access i DiVA

Fulltext saknas

Övriga länkar

Förlagets fulltextScopus

Sök vidare i DiVA

Av författaren/redaktören
Abbas, HaiderHemani, Ahmed
Av organisationen
Elektronik- och datorsystem, ECS
Data- och informationsvetenskap

Sök vidare utanför DiVA

GoogleGoogle Scholar

Altmetricpoäng

Totalt: 179 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf