Change search
ReferencesLink to record
Permanent link

Direct link
Option Based Evaluation: Security Evaluation of IT Products Based on Options Theory
KTH, School of Information and Communication Technology (ICT), Electronic, Computer and Software Systems, ECS.
KTH, School of Information and Communication Technology (ICT), Electronic, Computer and Software Systems, ECS.ORCID iD: 0000-0003-0565-9376
2009 (English)In: IEEE  ECBS-EERC 2009, New York: IEEE , 2009, 134-141 p.Conference paper (Refereed)
Abstract [en]

Reliability of IT systems and infrastructure is a critical need for organizations to trust their business processes. This makes security evaluation of IT systems a prime concern for these organizations. Common Criteria is an elaborate, globally accepted security evaluation process that fulfills this need. However CC rigidly follows the initial specification and security threats and takes too long to evaluate and as such is also very expensive. Rapid development in technology and with it the new security threats further aggravates the long evaluation time problem of CC to the extent that by the time a CC evaluation is done, it may no longer be valid because new security threats have emerged that have not been factored in. To address these problems, we propose a novel Option Based Evaluation methodology for security of IT systems that can also be considered as an enhancement to the CC process. The objective is to address uncertainty issues in IT environment and speed up the slow CC based evaluation processes. OBE will follow incremental evaluation model and address the following main concerns based on options theory i.e. i) managing dynamic security requirement with mid-course decision management ii) devising evaluation as an improvement process iii) reducing cost and time for evaluation of an IT product.

Place, publisher, year, edition, pages
New York: IEEE , 2009. 134-141 p.
National Category
Computer and Information Science
URN: urn:nbn:se:kth:diva-11204DOI: 10.1109/ECBS-EERC.2009.27ISI: 000274849200019ScopusID: 2-s2.0-74349107955ISBN: 978-1-4244-4677-3OAI: diva2:241484
1st IEEE Eastern European Conference on the Engineering of Computer Based Systems Univ Novi Sad, Fac Tech Sci, Dept Comp Engn & Comp Commun, Novi Sad, SERBIA, SEP 07-08, 2009
QC 20110218Available from: 2009-10-03 Created: 2009-10-03 Last updated: 2011-03-01Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full textScopus

Search in DiVA

By author/editor
Abbas, HaiderHemani, Ahmed
By organisation
Electronic, Computer and Software Systems, ECS
Computer and Information Science

Search outside of DiVA

GoogleGoogle Scholar
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Altmetric score

Total: 128 hits
ReferencesLink to record
Permanent link

Direct link