Published: Jan 1, 2013
DOI: 10.4018/IJSSE.20130101.unk
Volume 4
Nancy R. Mead, Ivan Flechais, Dan Shoemaker, Carol Woody
Cite Article
MLA
Mead, Nancy R., et al. "Guest Editorial Preface." IJSSE vol.4, no.1 2013: pp.4-7. http://doi.org/10.4018/IJSSE.20130101.unk
APA
Mead, N. R., Flechais, I., Shoemaker, D., & Woody, C. (2013). Guest Editorial Preface. International Journal of Secure Software Engineering (IJSSE), 4(1), 4-7. http://doi.org/10.4018/IJSSE.20130101.unk
Chicago
Mead, Nancy R., et al. "Guest Editorial Preface," International Journal of Secure Software Engineering (IJSSE) 4, no.1: 4-7. http://doi.org/10.4018/IJSSE.20130101.unk
Published: Jan 1, 2013
DOI: 10.4018/jsse.2013010101
Volume 4
Nancy R. Mead, Dan Shoemaker, Carol Woody
Ensuring and sustaining software product integrity requires that all project stakeholders share a common understanding of the status of the product throughout the development and sustainment processes. Accurately measuring the product’s status helps achieve this shared understanding. This paper presents an effective measurement model organized by seven principles that capture the fundamental managerial and technical concerns of development and sustainment. These principles guided the development of the measures presented in the paper. Data from the quantitative measures help organizational stakeholders make decisions about the performance of their overall software assurance processes. Complementary risk-based data help them make decisions relative to the assessment of risk. The quantitative and risk-based measures form a comprehensive model to assess program and organizational performance. An organization using this model will be able to assess its performance to ensure secure and trustworthy products.
Cite Article
MLA
Mead, Nancy R., et al. "Principles and Measurement Models for Software Assurance." IJSSE vol.4, no.1 2013: pp.1-10. http://doi.org/10.4018/jsse.2013010101
APA
Mead, N. R., Shoemaker, D., & Woody, C. (2013). Principles and Measurement Models for Software Assurance. International Journal of Secure Software Engineering (IJSSE), 4(1), 1-10. http://doi.org/10.4018/jsse.2013010101
Chicago
Mead, Nancy R., Dan Shoemaker, and Carol Woody. "Principles and Measurement Models for Software Assurance," International Journal of Secure Software Engineering (IJSSE) 4, no.1: 1-10. http://doi.org/10.4018/jsse.2013010101
Published: Jan 1, 2013
DOI: 10.4018/jsse.2013010102
Volume 4
Simon Miller, Susan Appleby, Jonathan M. Garibaldi, Uwe Aickelin
The task of designing secure software systems is fraught with uncertainty, as data on uncommon attacks is limited, costs are difficult to estimate, and technology and tools are continually changing. Consequently, experts may interpret the security risks posed to a system in different ways, leading to variation in assessment. This paper presents research into measuring the variability in decision making between security professionals, with the ultimate goal of improving the quality of security advice given to software system designers. A set of thirty nine cyber-security experts took part in an exercise in which they independently assessed a realistic system scenario. This study quantifies agreement in the opinions of experts, examines methods of aggregating opinions, and produces an assessment of attacks from ratings of their components. The authors show that when aggregated, a coherent consensus view of security emerges which can be used to inform decisions made during systems design.
Cite Article
MLA
Miller, Simon, et al. "Towards a More Systematic Approach to Secure Systems Design and Analysis." IJSSE vol.4, no.1 2013: pp.11-30. http://doi.org/10.4018/jsse.2013010102
APA
Miller, S., Appleby, S., Garibaldi, J. M., & Aickelin, U. (2013). Towards a More Systematic Approach to Secure Systems Design and Analysis. International Journal of Secure Software Engineering (IJSSE), 4(1), 11-30. http://doi.org/10.4018/jsse.2013010102
Chicago
Miller, Simon, et al. "Towards a More Systematic Approach to Secure Systems Design and Analysis," International Journal of Secure Software Engineering (IJSSE) 4, no.1: 11-30. http://doi.org/10.4018/jsse.2013010102
Published: Jan 1, 2013
DOI: 10.4018/jsse.2013010103
Volume 4
Yutaka Matsuno, Shuichiro Yamamoto
In this paper, the authors present a new method for writing assurance cases. Assurance cases are documented bodies of evidence that provide a convincing and valid argument that a system is adequately dependable for a given application in a given environment. Assurance cases have been used mostly in the safety field, but are now beginning to be widely applied in other areas. Cyber security is one such area, and recently, assuring security of cyber systems has become crucial. Several methods and various guidelines for writing assurance cases have been used. Unfortunately, only experts are currently able to write assurance cases, and it is still difficult for ordinary engineers to write them. This paper presents a new method for writing assurance cases. The main ideas are that (1) documents generated and used during the system lifecycle must be either used by the assurance cases or must be referred to in the assurance cases, and (2) typical patterns exist for assurance cases, and these patterns have not yet been well discussed. This paper presents the preliminary steps in developing a method for writing assurance cases. The authors also report on a preliminary experiment carried out on a web server demo system.
Cite Article
MLA
Matsuno, Yutaka, and Shuichiro Yamamoto. "A New Method for Writing Assurance Cases." IJSSE vol.4, no.1 2013: pp.31-49. http://doi.org/10.4018/jsse.2013010103
APA
Matsuno, Y. & Yamamoto, S. (2013). A New Method for Writing Assurance Cases. International Journal of Secure Software Engineering (IJSSE), 4(1), 31-49. http://doi.org/10.4018/jsse.2013010103
Chicago
Matsuno, Yutaka, and Shuichiro Yamamoto. "A New Method for Writing Assurance Cases," International Journal of Secure Software Engineering (IJSSE) 4, no.1: 31-49. http://doi.org/10.4018/jsse.2013010103
Published: Jan 1, 2013
DOI: 10.4018/jsse.2013010104
Volume 4
Reza Alavi, Shareeful Islam, Hamid Jahankhani, Ameer Al-Nemrat
Managing security is essential for organizations doing business in a globally networked environment and for organizations that are at the same time seeking to achieve their missions and goals. However, numerous technical advancements do not always produce a more secure environment. All kinds of human factors can deeply affect the management of security in an organizational context. Therefore, security is not solely a technical problem; rather, the authors need to understand human factors, which need adequate attention to achieve an effective information security management system practice. This paper identifies direct and indirect human factors that have impact on information security. These factors were analyzed through the study of two security incidents of the UK’s financial organizations using the SWOT (Strength, Weaknesses, Opportunities, and Threats) technique. The study’s results show that human factors are the main causes for these security incidents. Factors such as training, awareness, and security culture influence organizational strength and opportunity relating to information security. People’s irrational behavior and errors are the main weaknesses highlighted in security incidents, which pose threats such as poor reputation and high costs.
Cite Article
MLA
Alavi, Reza, et al. "Analyzing Human Factors for an Effective Information Security Management System." IJSSE vol.4, no.1 2013: pp.50-74. http://doi.org/10.4018/jsse.2013010104
APA
Alavi, R., Islam, S., Jahankhani, H., & Al-Nemrat, A. (2013). Analyzing Human Factors for an Effective Information Security Management System. International Journal of Secure Software Engineering (IJSSE), 4(1), 50-74. http://doi.org/10.4018/jsse.2013010104
Chicago
Alavi, Reza, et al. "Analyzing Human Factors for an Effective Information Security Management System," International Journal of Secure Software Engineering (IJSSE) 4, no.1: 50-74. http://doi.org/10.4018/jsse.2013010104
Published: Jan 1, 2013
DOI: 10.4018/jsse.2013010105
Volume 4
Eric D. Vugrin, Jennifer Turgeon
Cyber resilience is becoming increasingly recognized as a critical component of comprehensive cybersecurity practices. Current cyber resilience assessment approaches are primarily qualitative methods, making validation of their resilience analyses and enhancement recommendations difficult, if not impossible. The evolution of infrastructure resilience assessment methods has paralleled that of their cyber counterparts. However, the development of performance-based assessment methods has shown promise for overcoming the validation challenge for infrastructure systems. This paper describes a hybrid infrastructure resilience assessment approach that combines both qualitative analysis techniques with performance-based metrics. The qualitative component enables identification of system features that limit resilience, and the quantitative metrics can be used to evaluate and confirm the effectiveness of proposed mitigation options. The authors propose adaptation of this methodology for cyber resilience analysis. A case study is presented to demonstrate how the approach could be applied to a hypothetical system.
Cite Article
MLA
Vugrin, Eric D., and Jennifer Turgeon. "Advancing Cyber Resilience Analysis with Performance-Based Metrics from Infrastructure Assessments." IJSSE vol.4, no.1 2013: pp.75-96. http://doi.org/10.4018/jsse.2013010105
APA
Vugrin, E. D. & Turgeon, J. (2013). Advancing Cyber Resilience Analysis with Performance-Based Metrics from Infrastructure Assessments. International Journal of Secure Software Engineering (IJSSE), 4(1), 75-96. http://doi.org/10.4018/jsse.2013010105
Chicago
Vugrin, Eric D., and Jennifer Turgeon. "Advancing Cyber Resilience Analysis with Performance-Based Metrics from Infrastructure Assessments," International Journal of Secure Software Engineering (IJSSE) 4, no.1: 75-96. http://doi.org/10.4018/jsse.2013010105