Refinement and realisation of security assessment methods


  • Jonas Hallberg
  • Johan Bengtsson
  • Richard Andersson

Publish date: 2008-01-07

Report number: FOI-R--2387--SE

Pages: 96

Written in: English


  • Networked information systems
  • IT security
  • security assessment
  • security metrics


There are risks associated with information technology, IT, that may substan-tially decrease the potential benefits. Thus, to maximize the utility of IT, possible security issues of information systems should be carefully considered and miti-gated. To be able to keep security under control, its assessment is important. However, since security is an abstract, subjective, non-tangible property, prop-erly assessing the security of non-trivial systems is hard and, currently, there are no methods for efficient, reliable, and valid security assessments. Thus, it is im-portant to extend previous efforts in order to enable the design of efficacious methods. The results presented in this report include:  improvements and extensions of an existing method,  a software environment for the implementation of methods,  the implementation of a software tool for an existing method, and  a novel method implementing a process model for security assessment.