6.3.1 Secure Adaptive Response Potential (SARP): A System Security Metric

Simpson, Joseph; Miller, Alice; Dağli, Ci̇han H.

doi:10.1002/j.2334-5837.2008.tb00838.x

Cited by 2 publications

(5 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The output from a SSCAM activity could be used as input to a structured evaluation technique that evaluates the most effective methods to address any indicated security short falls found in the SSCAM QL or SSCAM process assessments. The secure adaptive response potential (SARP) metric was developed to directly support this type of management decision making (Simpson 2008).…”

Section: Sscam Applicationmentioning

confidence: 99%

3.2.1 System Security Capability Assessment Model Development and Application

Simpson¹,

Endicott-Popovsky

2010

INCOSE International Symp

View full text Add to dashboard Cite

The INCOSE Systems Engineering Capability Assessment Model (SECAM) has been adapted to apply to the system security domain. Service organizations that do not produce an industrial manufactured product are the initial target of this new variation of capability assessment model. The primary goal of this work is the deployment of an adaptive set of organizational security assessment tools that provide the basis for controlled, structured organizational improvement of the existing security context. A new quick look assessment method is also presented to help an organization minimize the cost and time associated with this type of activity. regulations and contractual obligations that impact and help define the system security features, processes and mechanisms that must be implemented by the organization. These contextual obligations must be properly addressed by the organization. The questions (Q) associated with the key contextual activities (KCA) areas and sub-areas are listed next.

show abstract

Section: Sscam Applicationmentioning

confidence: 99%

3.2.1 System Security Capability Assessment Model Development and Application

Simpson¹,

Endicott-Popovsky

2010

INCOSE International Symp

View full text Add to dashboard Cite

show abstract

“…The Microsoft Security Development Lifecycle process is an example of this type of stand-alone security life-cycle process. (Simpson, Miller, & Dagli, 2008). SARP can be used to guide programmatic decision and resource allocation.…”

Section: Information Asset Protection Modelmentioning

confidence: 99%

“…Step 8: Prioritize requirements The complete system scope as well as the attention to value, threat and function in the APM support the activity of requirements prioritization. The structured information and data associated with the APM can be used as direct inputs for formal ranking tools like the analytical hierarchy process (AHP) (Simpson, Miller, & Dagli, June, 2008).…”

Section: Table 1 Apm Contextual Support For Square Process Square Pro...mentioning

confidence: 99%

“…Specific instances of software security applications and techniques are mapped to a specific operational context, and are evaluated using a secure adaptive response potential (SARP) system security metric, which was introduced earlier in the paper. The SARP security metric was designed to address system security operational suitability throughout the system lifecycle (Simpson, Miller, & Dagli, June, 2008). Specific classes of system operational suitability may be developed and categorized using the SARP metric components that generally describe the operation and maintenance profile of the deployed system.…”

Section: Stable Model Development and Applicationmentioning

confidence: 99%

“…(1) asset management, (2) configuration management, (3) compliance management and (4) vulnerability management. Simpson, 2008) enumeration, open vulnerability and assessment language, and the common vulnerability scoring system. The common vulnerability enumeration is an extensive list of publicly known information security vulnerabilities and exposures.…”

Section: Category 14: Catch-allmentioning

confidence: 99%

See 2 more Smart Citations

Secure Software Education

Simpson¹,

Simpson²,

Endicott-Popovsky

et al. 2010

International Journal of Secure Software Engineering

View full text Add to dashboard Cite

This article establishes a context for secure information systems development as well as a set of models used to develop and apply a secure software production pedagogy. A generic system model is presented to support the system context development, and to provide a framework for discussing security relationships that exist between and among information systems and their applications. An asset protection model is tailored to provide a conceptual ontology for secure information system topics, and a stable logical framework that is independent of specific organizations, technologies, and their associated changes. This asset protection model provides a unique focus for each of the three primary professional communities associated with the development and operation of secure information systems. In this paper, a secure adaptive response model is discussed to provide an analytical tool to assess risk associated with the development and deployment of secure information systems, and to use as a security metric. A pedagogical model for information assurance curriculum development is then established in the context and terms of the developed secure information system models. The relevance of secure coding techniques to the production of secure systems, architectures, and organizational operations is also discussed.

show abstract

6.3.1 Secure Adaptive Response Potential (SARP): A System Security Metric

Cited by 2 publications

References 6 publications

3.2.1 System Security Capability Assessment Model Development and Application

3.2.1 System Security Capability Assessment Model Development and Application

Secure Software Education

Contact Info

Product

Resources

About