NexTech 2021 Congress
October 03, 2021 to October 07, 2021 - Barcelona, Spain

  • UBICOMM 2021, The Fifteenth International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies
  • ADVCOMP 2021, The Fifteenth International Conference on Advanced Engineering Computing and Applications in Sciences
  • SEMAPRO 2021, The Fifteenth International Conference on Advances in Semantic Processing
  • AMBIENT 2021, The Eleventh International Conference on Ambient Computing, Applications, Services and Technologies
  • EMERGING 2021, The Thirteenth International Conference on Emerging Networks and Systems Intelligence
  • DATA ANALYTICS 2021, The Tenth International Conference on Data Analytics
  • GLOBAL HEALTH 2021, The Tenth International Conference on Global Health Challenges
  • CYBER 2021, The Sixth International Conference on Cyber-Technologies and Cyber-Systems

SoftNet 2021 Congress
October 03, 2021 to October 07, 2021 - Barcelona, Spain

  • ICSEA 2021, The Sixteenth International Conference on Software Engineering Advances
  • ICSNC 2021, The Sixteenth International Conference on Systems and Networks Communications
  • CENTRIC 2021, The Fourteenth International Conference on Advances in Human-oriented and Personalized Mechanisms, Technologies, and Services
  • VALID 2021, The Thirteenth International Conference on Advances in System Testing and Validation Lifecycle
  • SIMUL 2021, The Thirteenth International Conference on Advances in System Simulation
  • SOTICS 2021, The Eleventh International Conference on Social Media Technologies, Communication, and Informatics
  • INNOV 2021, The Tenth International Conference on Communications, Computation, Networks and Technologies
  • HEALTHINFO 2021, The Sixth International Conference on Informatics and Assistive Technologies for Health-Care, Medical Support and Wellbeing

NetWare 2021 Congress
November 14, 2021 to November 18, 2021 - Athens, Greece

  • SENSORCOMM 2021, The Fifteenth International Conference on Sensor Technologies and Applications
  • SENSORDEVICES 2021, The Twelfth International Conference on Sensor Device Technologies and Applications
  • SECURWARE 2021, The Fifteenth International Conference on Emerging Security Information, Systems and Technologies
  • AFIN 2021, The Thirteenth International Conference on Advances in Future Internet
  • CENICS 2021, The Fourteenth International Conference on Advances in Circuits, Electronics and Micro-electronics
  • ICQNM 2021, The Fifteenth International Conference on Quantum, Nano/Bio, and Micro Technologies
  • FASSI 2021, The Seventh International Conference on Fundamentals and Advances in Software Systems Integration
  • GREEN 2021, The Sixth International Conference on Green Communications, Computing and Technologies

TrendNews 2021 Congress
November 14, 2021 to November 18, 2021 - Athens, Greece

  • CORETA 2021, Advances on Core Technologies and Applications
  • DIGITAL 2021, Advances on Societal Digital Transformation

 


ThinkMind // SECURWARE 2018, The Twelfth International Conference on Emerging Security Information, Systems and Technologies // View article securware_2018_1_20_30110


Towards a Quantitative Approach for Security Assurance Metrics

Authors:
Goitom Weldehawaryat
Basel Katt

Keywords: Quantitative security assurance metrics; Security testing; Goal question metric (GQM); Common vulnerability scoring system (CVSS); Security metrics.

Abstract:
The need for effective and efficient evaluation schemes of security assurance is growing in many organizations, especially Small and Medium Enterprises (SMEs). Although there are several approaches and standards for evaluating application security assurance, they are qualitative in nature and depend to a great extent on manually processing. This paper presents a quantitative evaluation approach for defining security assurance metrics using two perspectives, vulnerabilities and security requirements. While vulnerability represents the negative aspect that leads to a reduction of the assurance level, security requirement improves the assurance posture. The approach employs both Goal Question Metric (GQM) and Common Vulnerability Scoring System (CVSS) methods. GQM is used to construct measurement items for different types of assurance metrics and assess the fulfillment of security requirements or the absence of vulnerabilities, and CVSS is utilized to quantify the severity of vulnerabilities according to various attributes. Furthermore, a case study is provided in this work, which measures and evaluates the security assurance of a discussion forum application using our approach. This can assist SMEs to evaluate the overall security assurance of their systems, and result in a measure of confidence that indicates how well a system meets its security requirements.

Pages: 13 to 20

Copyright: Copyright (c) IARIA, 2018

Publication date: September 16, 2018

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-661-3

Location: Venice, Italy

Dates: from September 16, 2018 to September 20, 2018

SERVICES CONTACT
2010 - 2017 © ThinkMind. All rights reserved.
Read Terms of Service and Privacy Policy.