Towards Security Assurance Metrics for Service Systems Security

  • Conference paper
Exploring Services Science (IESS 2012)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 103)

Abstract

A major paradigm shift is currently taking place in the business world. The old business model, once focused on the efficiency of manufacturing and galvanised by standardisation, is steadily giving way to a service-based business model underpinned by customisation.

Although such a shift is being embraced throughout the developed as well as the emerging world, academia is still lagging behind, as the potential of service as a discipline has yet to be fully explored. In a service business, ensuring customer confidence in the security of the service is key to a successful service launch or to retaining customers’ loyalty. However, as research on service science is still in its infancy, metrics for the specification and valuation of such confidence are yet to emerge.

To encourage more work in this direction, this paper explores the motivation behind the ongoing adoption of a service paradigm and provides a set of metrics that could be beneficially investigated by academia to help businesses address more effectively the need for both service provider and consumer to have Security Assurance.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ouedraogo, M. (2012). Towards Security Assurance Metrics for Service Systems Security. In: Snene, M. (eds) Exploring Services Science. IESS 2012. Lecture Notes in Business Information Processing, vol 103. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28227-0_28

  • DOI: https://doi.org/10.1007/978-3-642-28227-0_28

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28226-3

  • Online ISBN: 978-3-642-28227-0

  • eBook Packages: Computer Science, Computer Science (R0)
