Vitenskapelig Kapittel/Artikkel/Konferanseartikkel   2009

Savola, Reijo M.; Abie, Habtamu



121– 128





Del av: 2009 Third International Conference on Emerging Security Information, Systems, and Technologies (SECURWARE 2009) (IEEE conference proceedings, 2009)

The lack of appropriate information security solutions in software intensive systems can have serious consequences for businesses and the stakeholders. Carefully designed security metrics can be used to offer evidence of the security behavior of the system under development or operation. This study investigates holistic development of security metrics for a distributed messaging system based on threat analysis, security requirements, decomposition and use case information. Our approach is thus requirement centric. The highlevel security requirements are expressed in terms of lower level measurable components applying a decomposition approach.