Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

A critical survey of security indicator approaches

: Rudolph, Manuel; Schwarz, Reinhard


IEEE Computer Society:
Seventh International Conference on Availability, Reliability and Security, ARES 2012. Proceedings : 20-24 August 2012, Prague
Los Alamitos, Calif.: IEEE Computer Society Conference Publishing Services (CPS), 2012
ISBN: 978-1-4673-2244-7 (Print)
ISBN: 978-0-7695-4775-6
International Conference on Availability, Reliability and Security (ARES) <7, 2012, Prague>
Fraunhofer IESE ()
it-security; security metric; security indicator; it-security assurance

To better control IT security in software engineering and IT management, we need to assess security qualities in the different phases of a system's lifecycle. To this end, various security indicators, measures, and metrics have been proposed by scientists and practitioners, but few have gained general acceptance. We surveyed the current state of the art in qualitative and quantitative security measurement to characterize the available measurement strategies, their maturity, and the conceptual or technical obstacles preventing further progress in this field of research. We classified the proposed security indicators with respect to their characteristic properties and derived a classification tree delineating the different security assessment strategies and their derived security measures. Based on this overview, we analyzed the relative merits and deficiencies of current approaches, and we suggested future steps towards better security metrics. This paper summarizes the main results of our survey.