The TSAR procedure rev. 1 - Test of Security Assessment Relevance

Authors:

  • Johan Bengtsson
  • Kristoffer Lundholm
  • Jonas Hallberg
  • Amund Gudmundson Hunstad
  • Jacob Löfvenberg

Publish date: 2010-12-10

Report number: FOI-R--3061--SE

Pages: 29

Written in: English

Keywords:

  • Security assessment
  • relevance
  • testing procedure

Abstract

Nowadays there exist a number of different security assessment methods. Different security assessment methods have, for example, different approaches to how to perform security assessments at the same time as the cost of performing an assessment can vary widely. In order to facilitate the choice of security assessment method, a formalized way of evaluating security assessment methods is needed. This report presents the first revision of the testing procedure TSAR, which is used to evaluate security assessment methods and thereby facilitates the process of choosing a method. The TSAR procedure describes to what degree a security assessment method fulfills the need of security assessment, that is, the relevance of the tested security assessment method. To model the security assessment needs, a set of characteristics is used. The relevance of a security assessment method is decided by comparing the model of the security assessment needs to the characteristics of the method. Such a set of characteristics, to be used for the modeling of security assessment needs, is provided in this report.