Abstract
As the use of global networking grows and information systems change character, becoming open and distributed and integrating communication, computing, and media technology, there is a need for security analysis methods that can handle the new environment, with its new actors, new rules, short system development times and lifetimes, and new ways of using the systems. There is also a need for methods that can be applied at an early stage of system development. In this paper we present an approach to standardizing the security analysis method and show how the method can be used to evaluate the security of a virtual target system.
The original version of this chapter was revised: The copyright line was incorrect. This has been corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35575-7_19
Copyright information
© 1999 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Frisinger, A., Yngstrom, L. (1999). An approach to standardizing security analysis methods for virtual systems. In: Eloff, J.H.P., Labuschagne, L., von Solms, R., Verschuren, J. (eds) Information Security Management & Small Systems Security. IFIP — The International Federation for Information Processing, vol 26. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35575-7_6
DOI: https://doi.org/10.1007/978-0-387-35575-7_6
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-5483-4
Online ISBN: 978-0-387-35575-7
eBook Packages: Springer Book Archive