Security Assurance Evaluation and IT Systems' Context of Use Security Criticality

Moussa Ouedraogo, H. Mouratidis, E. Dubois, D. Khadraoui
Journal: Int. J. Handheld Comput. Res.
Publication date: 2011-10-01
Publication type: Journal Article
DOI: 10.4018/jhcr.2011100104 (https://doi.org/10.4018/jhcr.2011100104)
Citations: 4

Abstract

Today's IT systems are ubiquitous and take the form of small portable devices, to the convenience of the users. However, the reliance on this technology is increasing faster than the ability to deal with the simultaneously increasing threats to information security. This paper proposes metrics and a methodology for the evaluation of operational systems security assurance that take into account the measurement of security correctness of a safeguarding measure and the analysis of the security criticality of the context in which the system is operating (i.e., where is the system used and/or what for?). In that perspective, the paper also proposes a novel classification scheme for elucidating the security criticality level of an IT system. The advantage of this approach lies in the fact that the assurance level fluctuation, based on the correctness of deployed security measures and the criticality of the context of use of the IT system or device, could provide guidance to users without security background on what activities they may or may not perform under certain circumstances. This work is illustrated with an application based on the case study of a Domain Name Server (DNS).