Premium
Measuring systems security
Author(s) -
Bayuk Jennifer,
Mostashari Ali
Publication year - 2012
Publication title -
systems engineering
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.474
H-Index - 50
eISSN - 1520-6858
pISSN - 1098-1241
DOI - 10.1002/sys.21211
Subject(s) - computer science , computer security model , security testing , cloud computing security , computer security , security engineering , state (computer science) , cloud computing , software security assurance , security service , systems engineering , software engineering , security information and event management , information security , engineering , algorithm , operating system
Security metrics have evolved side by side with the advent of security tools and techniques. They have been derived from the techniques rather than specified as system requirements. This paper surveys the evolution and state of the practice of security metrics from both a technical and historical perspective. It describes the evolution of currently popular security metrics, and classifies them to illustrate their utility in systems engineering verification and validation activities. It provides criteria with which to evaluate security metrics based on system purpose and architecture. The criteria are illustrated using a case study of Cloud System security. ©2012 Wiley Periodicals, Inc. Syst Eng 16: