Crossroads and XMASS: Framework and method for system IT security assessment


  • Hallberg Jonas
  • Hallberg Niklas
  • Hunstad Amund

Publish date: 2006-01-01

Report number: FOI-R--2154--SE

Pages: 75

Written in: English


Continuity and reliability require efficient risk management regarding information systems. Assessing the security level of information systems is one issue regarding risk management in need of being resolved. The presented results include: * Crossroads; a framework supporting classification and comparison of security assessment methods. * The classification of six security assessment methods according to the Crossroads framework. * XMASS; the eXtended Method for Assessment of System Security that illustrates how characteristics of complex networked information systems can be quantified and aggregated to system-level security values.