References
- R. Savola, “A Taxonomical Approach for Information Security Metrics Development,” Nordsec '07 Supplemental Booklet of Short Papers, Reykjavík, Iceland, 11 p., Oct., 11-12, 2007.
- W. Jansen, “Directions in Security Metrics Research,” NIST, NISTIR 7564, 21 p., Apr., 2009.
- R. Savola, “Towards a Taxonomy for Information Security Metrics,” QoP '07, Alexandria, VA, USA, pp.28-30, Oct., 29, 2007.
- R. Savola, “A Novel Security Metrics Taxonomy for R&D Organizations,” ISSA '08, Johannesburg, South Africa, pp.379-390, Jul., 7-9, 2008.
- R. Henning et al., “Proceedings of Workshop on Information Security System, Scoring and Ranking Information System Security Attribute Quantification or Ordering,” ACSA and MITRE, Williamsburg, VA, USA, May, 2001, Publ. 2002.
- N. Seddigh, P. Pieda, A. Matrawy, B. Nandy, I. Lambadaris, A. Hatfield, “Current Trends and Advances in Information Assurance Metrics,” PST '04, Fredericton, NB, Canada, Oct., 2004.
- M. Swanson, “Security Self-Assessment Guide for Information Technology Systems,” NIST Special Publication 800-26, Nov., 2001.
- M. Swanson, N. Bartol, J. Sabato, J. Hash, L. Graffo, “Security Metrics Guide for Information Technology Systems,” NIST Special Publication 800-55, Jul., 2003.
- R. Vaughn, R. Henning, A. Siraj, “Information Assurance Measures and Metrics: State of Practice and Proposed Taxonomy,” HICSS '03, Hawaii, USA, 2003.
- R. Savola, H. Abie, “Identification of Basic Measurable Security Components for a Distributed Messaging System,” SECURWARE '09, Athens/Glyfada, Greece, pp.121-128, Jun., 18-23, 2009.
- N. Bartol, B. Bates, K. M. Goertzel, T. Winograd, “Measuring Cyber Security and Information Assurance: a State-of-the-Art Report,” Information Assurance Technology Analysis Center (IATAC), May, 2009.
- A. Jaquith, “Security Metrics: Replacing Fear, Uncertainty and Doubt,” Addison-Wesley, 2007.
- D. S. Herrmann, “Complete Guide to Security and Privacy Metrics – Measuring Regulatory Compliance, Operational Resilience and ROI,” Auerbach Publications, 2007.
- D. B. Parker, “Computer Security Management,” Reston Publishing Company, Reston, VA, USA, 1981.
- ITU-T Recommendation X.805, “Security Architecture for Systems Providing End-to-End Communications,” 2003.
- D. Longley, M. Shain, “Data and Computer Security: Dictionary of Standards, Concepts and Terms,” Macmillan, 1987.
- D. Gollmann, “Computer Security,” John Wiley & Sons, 1999.
- R. C. Summers, “Secure Computing, Threats and Safeguards,” McGraw-Hill, 1997.
- A. Aviženis, J.-C. Laprie, B. Randell, C. Landwehr, “Basic Concepts and Taxonomy of Dependable and Secure Computing,” IEEE Tr. on Dependable and Secure Computing, Vol. 1, No.1, pp.11-33, Jan./Mar. 2004. https://doi.org/10.1109/TDSC.2004.2
- B. S. Yee, “Security Metrology and the Monty Hall Problem,” Workshop on Information Security System Scoring and Ranking (WISSSR), ACSA and MITRE, Williamsburg, USA, May 2001, Publ. 2002.
- Practical Software & Systems Measurement Safety and Security Technical Working Group, “Security Measurement – White Paper,” Vers. 3.0, 67 p., Jan., 2007.
- M. Howard, J. Pincus, J. M. Wing, “Measuring Relative Attack Surfaces,” Workshop on Advanced Developments in Software and Systems Security, 2003.
- P. K. Manadhata, D. K. Kaynar, J. M. Wing, “A Formal Model for a System's Attack Surface,” Technical Report CMU-CS-07-144, Jul., 2007.
- ISO/IEC 21827:2003, “Information Technology Systems Security Engineering – Capability Maturity Model (SSE-CMM),” ISO/IEC, 2003.
- R. Kailar, V. D. Gligor, L. Gong, “On the Security Effectiveness of Cryptographic Protocols,” 4th IFIP Working Conf. on Dependable Computing for Critical Applications, Vol.9, 1994.
- C. Wang, W. A. Wulf, “Towards a Framework for Security Measurement,” 20th National Information Systems Security Conference, Baltimore, MD, USA, pp.522-533, Oct., 1997.
- M. Schiffman, G. Eschelbeck, D. Ahmad, A. Wright, S. Romanosky, “CVSS: a Common Vulnerability Scoring System,” U.S. National Infrastructure Advisory Council (NIAC), 2004.
- R. A. Martin, “Managing Vulnerabilities in Networked Systems,” IEEE Computer Society Computer Magazine, Vol.34, No.11, Nov., 2001. https://doi.org/10.1109/2.963441
- M. Barrett, C. Johnson, P. Mell, S. Quinn, K. Scarfone, “Guide to Adopting and Using the Security Content Automation Protocol (SCAP),” NIST Special Publication 800-117 (Draft), NIST, 2009.
- B. Schneier, “Attack Trees,” Dr. Dobb's Journal, Vol.24, No.12, 1999.
- S. E. Schechter, “Computer Security Strength & Risk: a Quantitative Approach,” Ph.D Thesis, Harvard University, Cambridge, MA, USA, 2004.
- S. S. Stevens, “On the Theory of Scales of Measurement,” Science, Vol. 103, Issue 2684, pp.677-680, Jun., 7, 1946. https://doi.org/10.1126/science.103.2684.677
- R. Savola, “Requirement Centric Security Evaluation of Software Intensive Systems,” DepCoS-RELCOMEX '07, Szklarska Poreba, Poland, pp.135-142, Jun., 14-16, 2007.
- R. Savola, “Development of Security Metrics for a Distributed Messaging System,” AICT '09, Baku, Azerbaijan, 6 p., Oct., 14-16, 2009.
- R. Savola, “A Security Metrics Development Method for Software Intensive Systems,” ISA '09, Seoul, Korea, Jun., 25-27, 2009, Springer CCIS 36, pp.11-16, 2009.
- J. McHugh, “Quantitative Measures of Assurance: Prophecy, Process or Pipedream?” Workshop on Information Security System Scoring and Ranking (WISSSR), ACSA and MITRE, Williamsburg, VA, USA, May, 2001, Publ. 2002.
- D. McCallam, “The Case Against Numerical Measures of Information Assurance,” Workshop on Information Security System Scoring and Ranking (WISSSR), ACSA and MITRE, Williamsburg, VA, USA, May, 2001, Publ. 2002.
- S. M. Bellovin, “On the Brittleness of Software and the Infeasibility of Security Metrics,” IEEE Security & Privacy, p. 96, Jul./Aug., 2006.
- P. Burris, C. King, “A Few Good Security Metrics,” META Group Inc., Oct., 2000.
Cited by
- Quality of security metrics and measurements vol.37, 2013, https://doi.org/10.1016/j.cose.2013.05.002
- Towards Measurement of Security Effectiveness Enabling Factors in Software Intensive Systems 2014, https://doi.org/10.7763/LNSE.2014.V2.104
- Security Risk Visualization with Semantic Risk Model vol.83, 2016, https://doi.org/10.1016/j.procs.2016.04.247