Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Option Based Evaluation: Security Evaluation of IT Products Based on Options Theory
KTH, School of Information and Communication Technology (ICT), Electronic, Computer and Software Systems, ECS.
KTH, School of Information and Communication Technology (ICT), Electronic, Computer and Software Systems, ECS.ORCID iD: 0000-0003-0565-9376
2009 (English)In: IEEE  ECBS-EERC 2009, New York: IEEE , 2009, 134-141 p.Conference paper, Published paper (Refereed)
Abstract [en]

Reliability of IT systems and infrastructure is a critical need for organizations to trust their business processes. This makes security evaluation of IT systems a prime concern for these organizations. Common Criteria is an elaborate, globally accepted security evaluation process that fulfills this need. However CC rigidly follows the initial specification and security threats and takes too long to evaluate and as such is also very expensive. Rapid development in technology and with it the new security threats further aggravates the long evaluation time problem of CC to the extent that by the time a CC evaluation is done, it may no longer be valid because new security threats have emerged that have not been factored in. To address these problems, we propose a novel Option Based Evaluation methodology for security of IT systems that can also be considered as an enhancement to the CC process. The objective is to address uncertainty issues in IT environment and speed up the slow CC based evaluation processes. OBE will follow incremental evaluation model and address the following main concerns based on options theory i.e. i) managing dynamic security requirement with mid-course decision management ii) devising evaluation as an improvement process iii) reducing cost and time for evaluation of an IT product.

Place, publisher, year, edition, pages
New York: IEEE , 2009. 134-141 p.
National Category
Computer and Information Science
Identifiers
URN: urn:nbn:se:kth:diva-11204DOI: 10.1109/ECBS-EERC.2009.27ISI: 000274849200019Scopus ID: 2-s2.0-74349107955ISBN: 978-1-4244-4677-3 (print)OAI: oai:DiVA.org:kth-11204DiVA: diva2:241484
Conference
1st IEEE Eastern European Conference on the Engineering of Computer Based Systems Univ Novi Sad, Fac Tech Sci, Dept Comp Engn & Comp Commun, Novi Sad, SERBIA, SEP 07-08, 2009
Note
QC 20110218Available from: 2009-10-03 Created: 2009-10-03 Last updated: 2011-03-01Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full textScopus

Authority records BETA

Hemani, Ahmed

Search in DiVA

By author/editor
Abbas, HaiderHemani, Ahmed
By organisation
Electronic, Computer and Software Systems, ECS
Computer and Information Science

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 181 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf