Endre søk
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Option Based Evaluation: Security Evaluation of IT Products Based on Options Theory
KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektronik- och datorsystem, ECS.
KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektronik- och datorsystem, ECS.ORCID-id: 0000-0003-0565-9376
2009 (engelsk)Inngår i: IEEE  ECBS-EERC 2009, New York: IEEE , 2009, 134-141 s.Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]

Reliability of IT systems and infrastructure is a critical need for organizations to trust their business processes. This makes security evaluation of IT systems a prime concern for these organizations. Common Criteria is an elaborate, globally accepted security evaluation process that fulfills this need. However CC rigidly follows the initial specification and security threats and takes too long to evaluate and as such is also very expensive. Rapid development in technology and with it the new security threats further aggravates the long evaluation time problem of CC to the extent that by the time a CC evaluation is done, it may no longer be valid because new security threats have emerged that have not been factored in. To address these problems, we propose a novel Option Based Evaluation methodology for security of IT systems that can also be considered as an enhancement to the CC process. The objective is to address uncertainty issues in IT environment and speed up the slow CC based evaluation processes. OBE will follow incremental evaluation model and address the following main concerns based on options theory i.e. i) managing dynamic security requirement with mid-course decision management ii) devising evaluation as an improvement process iii) reducing cost and time for evaluation of an IT product.

sted, utgiver, år, opplag, sider
New York: IEEE , 2009. 134-141 s.
HSV kategori
Identifikatorer
URN: urn:nbn:se:kth:diva-11204DOI: 10.1109/ECBS-EERC.2009.27ISI: 000274849200019Scopus ID: 2-s2.0-74349107955ISBN: 978-1-4244-4677-3 (tryckt)OAI: oai:DiVA.org:kth-11204DiVA: diva2:241484
Konferanse
1st IEEE Eastern European Conference on the Engineering of Computer Based Systems Univ Novi Sad, Fac Tech Sci, Dept Comp Engn & Comp Commun, Novi Sad, SERBIA, SEP 07-08, 2009
Merknad
QC 20110218Tilgjengelig fra: 2009-10-03 Laget: 2009-10-03 Sist oppdatert: 2011-03-01bibliografisk kontrollert

Open Access i DiVA

Fulltekst mangler

Andre lenker

Forlagets fulltekstScopus

Søk i DiVA

Av forfatter/redaktør
Abbas, HaiderHemani, Ahmed
Av organisasjonen

Søk utenfor DiVA

GoogleGoogle Scholar

Altmetric

Totalt: 180 treff
RefereraExporteraLink to record
Permanent link

Direct link
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf