Ensuring and sustaining software product integrity requires that all project stakeholders share a common understanding of the status of the product throughout the development and sustainment... Show More

Ensuring and sustaining software product integrity requires that all project stakeholders share a common understanding of the status of the product throughout the development and sustainment processes. Accurately measuring the product’s status helps achieve this shared understanding. This paper presents an effective measurement model organized by seven principles that capture the fundamental managerial and technical concerns of development and sustainment. These principles guided the development of the measures presented in the paper. Data from the quantitative measures help organizational stakeholders make decisions about the performance of their overall software assurance processes. Complementary risk-based data help them make decisions relative to the assessment of risk. The quantitative and risk-based measures form a comprehensive model to assess program and organizational performance. An organization using this model will be able to assess its performance to ensure secure and trustworthy products.

The task of designing secure software systems is fraught with uncertainty, as data on uncommon attacks is limited, costs are difficult to estimate, and technology and tools are continually changing.... Show More

The task of designing secure software systems is fraught with uncertainty, as data on uncommon attacks is limited, costs are difficult to estimate, and technology and tools are continually changing. Consequently, experts may interpret the security risks posed to a system in different ways, leading to variation in assessment. This paper presents research into measuring the variability in decision making between security professionals, with the ultimate goal of improving the quality of security advice given to software system designers. A set of thirty nine cyber-security experts took part in an exercise in which they independently assessed a realistic system scenario. This study quantifies agreement in the opinions of experts, examines methods of aggregating opinions, and produces an assessment of attacks from ratings of their components. The authors show that when aggregated, a coherent consensus view of security emerges which can be used to inform decisions made during systems design.

In this paper, the authors present a new method for writing assurance cases. Assurance cases are documented bodies of evidence that provide a convincing and valid argument that a system is... Show More

In this paper, the authors present a new method for writing assurance cases. Assurance cases are documented bodies of evidence that provide a convincing and valid argument that a system is adequately dependable for a given application in a given environment. Assurance cases have been used mostly in the safety field, but are now beginning to be widely applied in other areas. Cyber security is one such area, and recently, assuring security of cyber systems has become crucial. Several methods and various guidelines for writing assurance cases have been used. Unfortunately, only experts are currently able to write assurance cases, and it is still difficult for ordinary engineers to write them. This paper presents a new method for writing assurance cases. The main ideas are that (1) documents generated and used during the system lifecycle must be either used by the assurance cases or must be referred to in the assurance cases, and (2) typical patterns exist for assurance cases, and these patterns have not yet been well discussed. This paper presents the preliminary steps in developing a method for writing assurance cases. The authors also report on a preliminary experiment carried out on a web server demo system.

Managing security is essential for organizations doing business in a globally networked environment and for organizations that are at the same time seeking to achieve their missions and goals.... Show More

Managing security is essential for organizations doing business in a globally networked environment and for organizations that are at the same time seeking to achieve their missions and goals. However, numerous technical advancements do not always produce a more secure environment. All kinds of human factors can deeply affect the management of security in an organizational context. Therefore, security is not solely a technical problem; rather, the authors need to understand human factors, which need adequate attention to achieve an effective information security management system practice. This paper identifies direct and indirect human factors that have impact on information security. These factors were analyzed through the study of two security incidents of the UK’s financial organizations using the SWOT (Strength, Weaknesses, Opportunities, and Threats) technique. The study’s results show that human factors are the main causes for these security incidents. Factors such as training, awareness, and security culture influence organizational strength and opportunity relating to information security. People’s irrational behavior and errors are the main weaknesses highlighted in security incidents, which pose threats such as poor reputation and high costs.

Cyber resilience is becoming increasingly recognized as a critical component of comprehensive cybersecurity practices. Current cyber resilience assessment approaches are primarily qualitative... Show More

Cyber resilience is becoming increasingly recognized as a critical component of comprehensive cybersecurity practices. Current cyber resilience assessment approaches are primarily qualitative methods, making validation of their resilience analyses and enhancement recommendations difficult, if not impossible. The evolution of infrastructure resilience assessment methods has paralleled that of their cyber counterparts. However, the development of performance-based assessment methods has shown promise for overcoming the validation challenge for infrastructure systems. This paper describes a hybrid infrastructure resilience assessment approach that combines both qualitative analysis techniques with performance-based metrics. The qualitative component enables identification of system features that limit resilience, and the quantitative metrics can be used to evaluate and confirm the effectiveness of proposed mitigation options. The authors propose adaptation of this methodology for cyber resilience analysis. A case study is presented to demonstrate how the approach could be applied to a hypothetical system.