{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,4,13]],"date-time":"2024-04-13T23:40:22Z","timestamp":1713051622235},"reference-count":22,"publisher":"IGI Global","issue":"4","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011,10,1]]},"abstract":"<p>Today\u2019s IT systems are ubiquitous and take the form of small portable devices, to the convenience of the users. However, the reliance on this technology is increasing faster than the ability to deal with the simultaneously increasing threats to information security. This paper proposes metrics and a methodology for the evaluation of operational systems security assurance that take into account the measurement of security correctness of a safeguarding measure and the analysis of the security criticality of the context in which the system is operating (i.e., where is the system used and\/or what for?). In that perspective, the paper also proposes a novel classification scheme for elucidating the security criticality level of an IT system. The advantage of this approach lies in the fact that the assurance level fluctuation based on the correctness of deployed security measures and the criticality of the context of use of the IT system or device, could provide guidance to users without security background on what activities they may or may not perform under certain circumstances. This work is illustrated with an application based on the case study of a Domain Name Server (DNS).<\/p>","DOI":"10.4018\/jhcr.2011100104","type":"journal-article","created":{"date-parts":[[2011,10,19]],"date-time":"2011-10-19T16:25:21Z","timestamp":1319041521000},"page":"59-81","source":"Crossref","is-referenced-by-count":0,"title":["Security Assurance Evaluation and IT Systems\u2019 Context of Use Security Criticality"],"prefix":"10.4018","volume":"2","author":[{"given":"Moussa","family":"Ouedraogo","sequence":"first","affiliation":[{"name":"Public Research Center Henri Tudor, Luxembourg"}]},{"given":"Haralambos","family":"Mouratidis","sequence":"additional","affiliation":[{"name":"University of East London, England"}]},{"given":"Eric","family":"Dubois","sequence":"additional","affiliation":[{"name":"Public Research Center Henri Tudor, Luxembourg"}]},{"given":"Djamel","family":"Khadraoui","sequence":"additional","affiliation":[{"name":"Public Research Center Henri Tudor, Luxembourg"}]}],"member":"2432","reference":[{"key":"jhcr.2011100104-0","doi-asserted-by":"crossref","unstructured":"Alberts, C. J., & Dorofee, A. J. (2001). OCTAVE criteria, version 2.0 (Tech. Rep. No. CMU\/SEI-2001-TR-016). Pittsburgh, PA: Carnegie Mellon University.","DOI":"10.21236\/ADA399229"},{"key":"jhcr.2011100104-1","unstructured":"Bulut, E., Khadraoui, D., & Marquet, B. (2007). Multi-agent based security assurance monitoring system for telecommunication infrastructures. In Proceedings of the Fourth IASTED International Conference on Communication, Network and Information Security (pp. 90-95)."},{"key":"jhcr.2011100104-2","unstructured":"Common Criteria. (2006). Common criteria for information technology, part 1: Introduction and general model version 3.1. Retrieved from http:\/\/www.commoncriteriaportal.org\/files\/ccfiles\/CCPART1V3.1R1.pdf"},{"key":"jhcr.2011100104-3","author":"D. L.Evans","year":"2004","journal-title":"Standards for security categorization of federal information and information systems"},{"key":"jhcr.2011100104-4","unstructured":"Holstein, D. K. (2009). A systems dynamics view of security assurance issues: The curse of complexity and avoiding chaos. In Proceedings of the 42nd Hawaii International Conference on System Sciences (pp. 1-9)."},{"key":"jhcr.2011100104-5","year":"2009","journal-title":"ISO\/IEC 27004: Information technology - Security techniques - Information security management measurements"},{"key":"jhcr.2011100104-6","doi-asserted-by":"crossref","unstructured":"Jansen, W. (2009). Directions in security metrics research (Tech. Rep. No. NISTIR7564). Gaithersburg, MD: National Institute of Standards and Technology.","DOI":"10.6028\/NIST.IR.7564"},{"key":"jhcr.2011100104-7","unstructured":"Jennings, N. R. (1999). An agent-based software engineering. In Proceedings of the 9th European Workshop on Modelling Autonomous Agents in a Multi-Agent World."},{"key":"jhcr.2011100104-8","author":"T. J.Klevinsky","year":"2002","journal-title":"Hack I.T.\u2014Security through penetration testing"},{"key":"jhcr.2011100104-9","author":"C. H.Le Grand","year":"2005","journal-title":"Software security assurance: A framework for software vulnerability management and audit"},{"key":"jhcr.2011100104-10","doi-asserted-by":"publisher","DOI":"10.1142\/S0218194007003240"},{"key":"jhcr.2011100104-11","unstructured":"OLF. (2009). OLF Guideline No 123: Classification of process control, safety and support ICT systems based on criticality. Retrieved from http:\/\/www.olf.no\/Documents\/Retningslinjer\/100-127\/123%20-%20Classification%20of%20process%20control,%20safety%20and%20support.pdf?epslanguage=no"},{"key":"jhcr.2011100104-12","unstructured":"Ouedraogo, M., Mouratidis, H., Khadraoui, D., & Dubois, E. (2009). A probe capability metric taxonomy for assurance evaluation. In Proceedings of the UEL\u2019s AC&T Conference."},{"key":"jhcr.2011100104-13","unstructured":"Ouedraogo, M., Savola, R., Mouratidis, H., Preston, D., Khadraoui, D., & Dubois, E. (2010). Taxonomy of quality metrics for security verification process. Journal of Software Quality."},{"key":"jhcr.2011100104-14","doi-asserted-by":"crossref","unstructured":"Savola, R. M. (2007). Towards a taxonomy for information security metrics. In Proceedings of the International Conference on Software Engineering Advances, Cap Esterel, France.","DOI":"10.1145\/1314257.1314266"},{"key":"jhcr.2011100104-15","unstructured":"Seddigh, N., Pieda, P., Matrawy, A., Nandy, B., Lambadaris, L., & Hatfield, A. (2004). Current trends and advances in information assurance metrics. In Proceedings of the Conference on Privacy, Trust Management and Security (pp. 197-205)."},{"key":"jhcr.2011100104-16","author":"G.Stoneburner","year":"2001","journal-title":"Underlying technical models for information technology security"},{"key":"jhcr.2011100104-17","doi-asserted-by":"crossref","unstructured":"Strunk, E. A., & Knight, J. C. (2006, May 23). The essential synthesis of problem frames and assurance cases. In Proceedings of the Second International Workshop on Applications and Advances in Problem Frames.","DOI":"10.1145\/1138670.1138683"},{"key":"jhcr.2011100104-18","doi-asserted-by":"crossref","unstructured":"Swanson, M., Nadya, B., Sabato, J., Hash, J., & Graffo, L. (2003). Security metrics guide for information technology systems (Tech. Rep. No. NIST-800-55). Gaithersburg, MD: National Institute of Standards and Technology.","DOI":"10.6028\/NIST.SP.800-55"},{"key":"jhcr.2011100104-19","doi-asserted-by":"crossref","unstructured":"Vaughn, R. B., Henning, R., & Siraj, A. (2002). Information assurance measures and metrics \u2013 state of practice and proposed taxonomy. In Proceedings of the IEEE International Hawaii Conference on System Sciences (p. 331.3).","DOI":"10.1109\/HICSS.2003.1174904"},{"key":"jhcr.2011100104-20","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2004.2"},{"key":"jhcr.2011100104-21","author":"M.Wooldridge","year":"2002","journal-title":"An introduction to multi-agent systems"}],"container-title":["International Journal of Handheld Computing Research"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=59873","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,4,13]],"date-time":"2024-04-13T22:29:09Z","timestamp":1713047349000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/jhcr.2011100104"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2011,10,1]]},"references-count":22,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2011,10]]}},"URL":"https:\/\/doi.org\/10.4018\/jhcr.2011100104","relation":{},"ISSN":["1947-9158","1947-9166"],"issn-type":[{"value":"1947-9158","type":"print"},{"value":"1947-9166","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011,10,1]]}}}