Methodology for Evaluating Information Security Countermeasures of a System

Abstract

For leveraging the security level of the systems, it is required to develop an effective and practical methodology for evaluating the adequacy of the designed and/or implemented security counter- measures for a system. We propose a model as a one of the methodologies for evaluating security countermeasures which does not depend on the characteristics of a target system shown by the supporting businesses or the system configuration or the scale. This model consists of required security countermeasures that are well arranged for easy implementing, and required technologies and activities for achieving a target level for every required countermeasures.