Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
HICSS
2011
IEEE
2011
IEEE
Validating Cyber Security Requirements: A Case Study
Vulnerabilities in a system may have widely varying impacts on system security. In practice, security should not be defined as the absence of vulnerabilities. In practice, security should not be quantified by the number of vulnerabilities. Security should be managed by pursuing a policy that leads us first to the highest impact vulnerabilities. In light of these observations, we argue in favor of shifting our focus from vulnerability avoidance/removal to measurable security attributes. To this effect, we recommend a logic be used for system security, which captures/represents security properties in quantifiable, verifiable, measurable terms – so that it is possible to reason about security in terms of its observable/ perceptible effects rather than its hypothesized causes. This approach is orthogonal to existing techniques for vulnerability avoidance, removal, detection, and recovery, in the sense that it provides a means to assess, quantify, and combine these techniques.
Real-time TrafficRelated Content
| Added | 20 Aug 2011 |
| Updated | 20 Aug 2011 |
| Type | Journal |
| Year | 2011 |
| Where | HICSS |
| Authors | Robert K. Abercrombie, Frederick T. Sheldon, Ali Mili |
Comments (0)
Researcher Info
|
