Development of SecureMet: A Tool for Aligning Security Metrics and Organizations Security Objectives

The purpose of this project is to develop a tool henceforth called SecureMet to help an organization to determine the security metrics aligned with its security objectives based on the organization’s capabilities. The majority of organizations face a common problem in determining their security metr...

Bibliographic Details
Main Author: Noraini, Mohd Noor
Format: Thesis
Language: eng
Published: 2011
Online Access:https://etd.uum.edu.my/2919/1/Noraini_Mohd_Noor.pdf
https://etd.uum.edu.my/2919/2/1.Noraini_Mohd_Noor.pdf
id my-uum-etd.2919
record_format uketd_dc
institution Universiti Utara Malaysia
collection UUM ETD
advisor Nordin, Nazib
topic QA76 Computer software
description The purpose of this project is to develop a tool, henceforth called SecureMet, to help an organization determine the security metrics aligned with its security objectives based on the organization's capabilities. The majority of organizations face a common problem in determining security metrics that are aligned with their security objectives. SecureMet will be able to assist the organization in choosing suitable security metrics and in enhancing its capabilities to achieve its security objectives. The tool is developed based on the Quality Function Development (QFD) approach, while existing frameworks such as the SSE-CMM and COBIT are used as guides in the determination and choice of the security capabilities and security objectives. The methodology employed for this project is based on the Rapid Application Development (RAD) model and is divided into four parts, namely the requirement analysis phase, the design phase, the development phase and the verification phase.
format Thesis
qualification_name masters
qualification_level Master's degree
author Noraini, Mohd Noor
title Development of SecureMet: A Tool for Aligning Security Metrics and Organizations Security Objectives
granting_institution Universiti Utara Malaysia
granting_department College of Arts and Sciences (CAS)
publishDate 2011