AN ALTERNATIVE APPROACH FOR FORMULA MODELLING IN SECURITY METRICS

Felipe Marques Pires, Leonardo de Sousa Mendes, Rodrigo Sanches Miani

Abstract

This paper proposes an alternative approach to modelling the formula attribute within the context of security metrics. This approach seeks to correct past errors by treating a security metric like a set, and inserting a component that addresses the set intersection between the security elements. The work consists in to define the model, explain the differences to the previous model and validate it, with examples from the metrics found in literature and also with the results of a case study applied in Metropolitan Broadband Access Network in Pedreira, a city located in the state of So Paulo, Brazil.

References

  1. Alexiou, A., Bouras, C., and Primpas, D. (2006). Design aspects of open municipal broadband networks. In AcessNets 7806: Proceedings of the 1st international conference on Access networks, page 20, New York, NY, USA. ACM Press.
  2. Herrera, S. (2005). Information security management metrics development. In Security Technology, 2005. CCST 7805. 39th Annual 2005 International Carnahan Conference on, pages 51-56.
  3. ISO (2005). Code of practice for information security management - iso/iec 27002.
  4. Jaquith, A. (2007). Security Metrics - Replacing Fear, Uncertainty and Doubt. Addison-Wesley.
  5. Jelen, G. and Williams, J. (1998). A practical approach to measuring assurance. In Computer Security Applications Conference, 1998, Proceedings., 14th Annual, pages 333-343.
  6. Lowans, P. W. (2002). Implementing a network security metrics program. Technical report, SANS.
  7. Mell, P., Scarfone, K., and Romanosky, S. (2007). A complete guide to the common vulnerability scoring system version 2.0. http://www.first.org/cvss/.
  8. Mendes, L. S. (2006). Infovia Municipal - Um novo Paradigma em Comunicaes. Universidade Estadual de Campinas.
  9. MetricsCenter (2008). http://www.metricscenter.org/ index.php/plexlogicmetricviewer. Accessed in 24/02/2009.
  10. Miani, R. S., Zarpelo, B. B., de Souza Mendes, L., and Jr., M. L. P. (2008). Metrics application in metropolitan broadband access network security analysis. In SECRYPT 2008 - International Conference on Security and Cryptography, pages 473-476.
  11. Payne, S. C. (2006). A guide to security metrics. SANS Security Essentials GSEC Practical Assignment Version 1.2e.
  12. Rosenblatt, J. (2008). Security metrics: A solution in search of a problem. EDUCAUSE Quarterly, 3:8-11.
  13. Swanson, M., Bartol, N., Sabato, J., Hash, J., and Graffo, L. (2003). Security metrics guide for information technology systems. Technical report, NIST Special Publication 800-55.
  14. Weiss, S., Weissmann, O., and Dressler, F. (2005). A comprehensive and comparative metric for information security. In Proceedings of IFIP International Conference on Telecommunication Systems, Modeling and Analysis (ICTSM2005), pages 1-10.
Download


Paper Citation


in Harvard Style

Marques Pires F., de Sousa Mendes L. and Sanches Miani R. (2009). AN ALTERNATIVE APPROACH FOR FORMULA MODELLING IN SECURITY METRICS . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009) ISBN 978-989-674-005-4, pages 381-386. DOI: 10.5220/0002227303810386


in Bibtex Style

@conference{secrypt09,
author={Felipe Marques Pires and Leonardo de Sousa Mendes and Rodrigo Sanches Miani},
title={AN ALTERNATIVE APPROACH FOR FORMULA MODELLING IN SECURITY METRICS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)},
year={2009},
pages={381-386},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002227303810386},
isbn={978-989-674-005-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2009)
TI - AN ALTERNATIVE APPROACH FOR FORMULA MODELLING IN SECURITY METRICS
SN - 978-989-674-005-4
AU - Marques Pires F.
AU - de Sousa Mendes L.
AU - Sanches Miani R.
PY - 2009
SP - 381
EP - 386
DO - 10.5220/0002227303810386