{"title":"基于适当的使用评估安全产品","authors":"V. Phatak, Rick Moy","doi":"10.1109/MALWARE.2011.6112323","DOIUrl":null,"url":null,"abstract":"Information security products have evolved rapidly over the last decade. However, the science of evaluating products has virtually stood still during that same time period, creating a knowledge gap that has made it difficult for information security buyers to determine whether or not a product meets specific security and/or compliance needs. This paper discusses a new method for evaluating technology products based upon the appropriateness within the context that they will be deployed. By applying a Use Case-based methodology, information security professionals can more clearly identify detailed protection requirements for a given environment. Two examples are given: (1) Use Cases can clarify different application security requirements between retail storefronts and back-end e-commerce datacenters; and (2) Use Cases allow the assessment of anti-malware products based on the relative importance of different malware attack vectors to the endpoints being protected.","PeriodicalId":375300,"journal":{"name":"2011 6th International Conference on Malicious and Unwanted Software","volume":"16 8","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-10-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Evaluating security products based on appropriate usage\",\"authors\":\"V. Phatak, Rick Moy\",\"doi\":\"10.1109/MALWARE.2011.6112323\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Information security products have evolved rapidly over the last decade. However, the science of evaluating products has virtually stood still during that same time period, creating a knowledge gap that has made it difficult for information security buyers to determine whether or not a product meets specific security and/or compliance needs. This paper discusses a new method for evaluating technology products based upon the appropriateness within the context that they will be deployed. By applying a Use Case-based methodology, information security professionals can more clearly identify detailed protection requirements for a given environment. Two examples are given: (1) Use Cases can clarify different application security requirements between retail storefronts and back-end e-commerce datacenters; and (2) Use Cases allow the assessment of anti-malware products based on the relative importance of different malware attack vectors to the endpoints being protected.\",\"PeriodicalId\":375300,\"journal\":{\"name\":\"2011 6th International Conference on Malicious and Unwanted Software\",\"volume\":\"16 8\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-10-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2011 6th International Conference on Malicious and Unwanted Software\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MALWARE.2011.6112323\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 6th International Conference on Malicious and Unwanted Software","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MALWARE.2011.6112323","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Evaluating security products based on appropriate usage
Information security products have evolved rapidly over the last decade. However, the science of evaluating products has virtually stood still during that same time period, creating a knowledge gap that has made it difficult for information security buyers to determine whether or not a product meets specific security and/or compliance needs. This paper discusses a new method for evaluating technology products based upon the appropriateness within the context that they will be deployed. By applying a Use Case-based methodology, information security professionals can more clearly identify detailed protection requirements for a given environment. Two examples are given: (1) Use Cases can clarify different application security requirements between retail storefronts and back-end e-commerce datacenters; and (2) Use Cases allow the assessment of anti-malware products based on the relative importance of different malware attack vectors to the endpoints being protected.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
