Johan Bengtsson, Jonas Hallberg, Amund Hunstad, Jacob Löfvenberg
Scientific report, FOI-R--2624--SE
Nowadays there exist a great number of different security assessment methods. These methods differ, for example, in how the assessment is performed, and the cost of performing an assessment can also vary widely. To facilitate the choice of security assessment method, a formalized way of evaluating security assessment methods is needed.
This report presents the testing procedure TSAR, which is used to evaluate security assessment methods and thereby facilitates the process of choosing a method. The TSAR procedure describes to what degree a security assessment method fulfills the general qualities relevance and validity. Thus, test results indicate whether a security assessment method provides the needed security assessment results as well as if the method is appropriate for the type of information system in question. To be able to calculate the identified qualities’ degree of fulfillment, a set of characteristics is also provided for each one of the qualities.
Jonas Hallberg, Johan Bengtsson, Richard Andersson
Scientific report, FOI-R--2387--SE, 95 p.
There are risks associated with information technology, IT, that may substantially decrease the potential benefits. Thus, to maximize the utility of IT, possible security issues of information systems should be carefully considered and mitigated. To be able to keep security under control, its assessment is important. However, since security is an abstract, subjective, non-tangible property, properly assessing the security of non-trivial systems is hard and, currently, there are no methods for efficient, reliable, and valid security assessments. Thus, it is important to extend previous efforts in order to enable the design of efficacious methods.
The results presented in this report include:
- improvements and extensions of an existing method,
- a software environment for the implementation of methods,
- the implementation of a software tool for an existing method, and
- a novel method implementing a process model for security assessment.
Johan Bengtsson & Peter Brinck
FOI Memo 2255
Thorough security assessment results in complex processes. The eXtended Method for Assessment of System Security (XMASS) has been designed to support such processes. This report describes how an assessment tool realizing XMASS, within the security assessment tool environment NTE, is used.
Jonas Hallberg, Niklas Hallberg, Amund Hunstad
Scientific report, FOI-R--2154--SE, 75 p.
Continuity and reliability require efficient risk management regarding information systems. Assessing the security level of information systems is one issue regarding risk management in need of being resolved.
The presented results include:
- Crossroads; a framework supporting classification and comparison of security assessment methods.
- The classification of six security assessment methods according to the Crossroads framework.
- XMASS; the eXtended Method for Assessment of System Security that illustrates how characteristics of complex networked information systems can be quantified and aggregated to system-level security values.
Hallberg Jonas, Hunstad Amund, Bond Anders, Peterson Mikael, & Påhlsson Nils
Scientific report, FOI-R--1468--SE, FOI 2004, 86 p.
IT security is an issue of vital importance for all IT-based systems. As IT is penetrating the society, IT security becomes increasingly important. Unfortunately, IT security is intrinsically difficult to handle and motivate. Security assessment is a central ability in the striving for adequate levels of IT security in systems. In this report, an effort to enable system-wide IT security assessment is described. The presented results include:
- A study of current security evaluation methods.
- Terminology for the area of security assessment.
- A framework for system security assessment.
- A method for system security assessment.
- A framework for system component security assessment.
- A method for system component security assessment.
Andersson Richard, Hunstad Amund, & Hallberg Jonas
Scientific report, FOI-R--1042--SE, FOI 2003, 63 p.
A networked defense, and the networked information society, requires both trustworthy information systems and that users and societies trust these systems. Since the trustworthiness of systems depends on the level of IT security, the ability to assess the level of IT security is vital. Currently, there are no efficient methods for establishing the level of IT security in information systems. Thus far, most methods target parts of a system; this is a severe limitation, since it is rather the system perspective that should be in focus.
The main results produced by the efforts described in this report are: a survey of contemporary security assessment techniques for distributed information systems, a set of terms for the field of security assessment, a framework structuring the security evaluation process and enabling different aspects of the modeled system to be emphasized, a set of security functions needed in systems, based on the security functional requirements of the Common Criteria (CC, 1999), and a method using the set of security functions to assess the securability of distributed information systems.
Hunstad Amund & Hallberg Jonas
Scientific report, FOI-R--0712--SE, FOI 2002, 52 p.
The appearance of widely distributed systems providing services and information critical to both organizations and individuals results in new challenges for systems and security engineers. While adequate solutions to the unavoidable security issues have to be designed and implemented, the systems are increasingly difficult to comprehend and assess. Thus, efficient design frameworks and modeling techniques are crucial for the development of future systems.
Since no distributed information system can be designed to be secure, but can include the necessary prerequisites to be secured during operation, the aim is design for securability. To achieve design for securability, three steps have to be supported in the design of distributed systems. Firstly, the interactions and relations between the system and its environment have to be captured. Secondly, a set of security requirements on the system has to be formulated. Thirdly, the set of requirements has to be implemented in the system.
This report is focused on the third step, which requires system models and design methods and tools. Especially, efforts regarding the identification of security-relevant characteristics and the formulation of adequate modeling techniques are presented. The long-term goal is to build an environment suitable for modeling, simulation, and assessment of security architectures.