Towards Measurement of Security Effectiveness Enabling Factors in Software Intensive Systems

Abstract: Abstract-Adequate information security effectiveness during system operation is the ultimate goal of all security solutions for software-intensive systems. Sufficient and credible measurement of security effectiveness supports informed decision-making in engineering and management practices throughout the system development life cycle. Although detail-level security metrics can be developed for special purposes, their meaningfulness suffers if their relationship to the overall security effectiveness objective… Show more

“…Effectiveness is understood as a property of the assessment object, representing how well it provides security in the context of its actual or proposed operational use [5,6]. Security effectiveness means the confidence that the security-enforcing mechanisms of the system meet the stated security objectives (that is, they do nothing other than what they should do while satisfying expectations for resiliency) [8,16,17]. Security efficiency denotes assurance that adequate security quality has been achieved in the system under study, meeting the resource, time and cost constraints [16,17].…”

“…The studies carried out and described in [17] revealed such factors contributing to a holistic perception of security effectiveness in software systems, as evidence of (a) direct security effectiveness, (b) quality of risk assessment, (c) security correctness and system quality. However, as noted in the paper, their practical application causes certain difficulties.…”

Technique for Evaluating the Security of Relational Databases Based on the Enhanced Clements–Hoffman Model

“…Effectiveness is understood as a property of the assessment object, representing how well it provides security in the context of its actual or proposed operational use [5,6]. Security effectiveness means the confidence that the security-enforcing mechanisms of the system meet the stated security objectives (that is, they do nothing other than what they should do while satisfying expectations for resiliency) [8,16,17]. Security efficiency denotes assurance that adequate security quality has been achieved in the system under study, meeting the resource, time and cost constraints [16,17].…”

“…The studies carried out and described in [17] revealed such factors contributing to a holistic perception of security effectiveness in software systems, as evidence of (a) direct security effectiveness, (b) quality of risk assessment, (c) security correctness and system quality. However, as noted in the paper, their practical application causes certain difficulties.…”

Technique for Evaluating the Security of Relational Databases Based on the Enhanced Clements–Hoffman Model