Security attribute evaluation method a cost-benefit approach
Conducting cost-benefit analyses of architectural attributes such as security has always been difficult, because the benefits are difficult to assess. Specialists usually make security decisions, but program managers are left wondering whether their investment in security is well spent. This paper s...
Saved in:
| Published in | Proceedings - International Conference on Software Engineering pp. 232 - 240 |
|---|---|
| Main Author | |
| Format | Conference Proceeding Journal Article |
| Language | English |
| Published |
New York, NY, USA
ACM
01.01.2002
|
| Series | ACM Conferences |
| Subjects |
Social and professional topics
> Professional topics
> Management of computing and information systems
> Implementation management
> Pricing and resource allocation
Social and professional topics
> Professional topics
> Management of computing and information systems
> Project and people management
|
| Online Access | Get full text |
| ISBN | 158113472X 9781581134728 |
| ISSN | 0270-5257 |
| DOI | 10.1145/581339.581370 |
Cover
| Abstract | Conducting cost-benefit analyses of architectural attributes such as security has always been difficult, because the benefits are difficult to assess. Specialists usually make security decisions, but program managers are left wondering whether their investment in security is well spent. This paper summarizes the results of using a cost-benefit analysis method called SAEM to compare alternative security designs in a financial and accounting information system. The case study presented in this paper starts with a multi-attribute risk assessment that results in a prioritized list of risks. Security specialists estimate countermeasure benefits and how the organization's risks are reduced. Using SAEM, security design alternatives are compared with the organization's current selection of security technologies to see if a more cost-effective solution is possible. The goal of using SAEM is to help information-system stakeholders decide whether their security investment is consistent with the expected risks. |
|---|---|
| AbstractList | Conducting cost-benefit analyses of architectural attributes such as security has always been difficult, because the benefits are difficult to assess. Specialists usually make security decisions, but program managers are left wondering whether their investment in security is well spent. This paper summarizes the results of using a cost-benefit analysis method called SAEM to compare alternative security designs in a financial and accounting information system. The case study presented in this paper starts with a multi-attribute risk assessment that results in a prioritized list of risks. Security specialists estimate countermeasure benefits and how the organization's risks are reduced. Using SAEM, security design alternatives are compared with the organization's current selection of security technologies to see if a more cost-effective solution is possible. The goal of using SAEM is to help information-system stakeholders decide whether their security investment is consistent with the expected risks. |
| Author | Butler, Shawn A. |
| Author_xml | – sequence: 1 givenname: Shawn A. surname: Butler fullname: Butler, Shawn A. organization: Carnegie Mellon University, Pittsburgh, PA |
| BackLink | http://pascal-francis.inist.fr/vibad/index.php?action=getRecordDetail&idt=16076004$$DView record in Pascal Francis |
| BookMark | eNqNkD1PwzAQhi1RJNrSkb0DMJHis5PYHVHFl1SJAZDYrLN7EYF8FNtB6r8nUStWuOW94dF7p2fCRk3bEGNnwBcAaXadaZByuRhC8SM2gX4DmSrxNmJjLhRPMpGpEzYL4YP3k8o0Azlm58_kOl_G3Rxj9KXtIs3pG6sOY9k285rie7s5ZccFVoFmh5yy17vbl9VDsn66f1zdrBOUIGNiLYi0f2OjlRVao7S2oFy4XAplnVtuct7fTIk4aKUc5jkJQhS2EKCt5nLKLve9W99-dRSiqcvgqKqwobYLRkKWai3gT1AoBTnXA3hxADE4rAqPjSuD2fqyRr8zPaTyQcZvIbra2Lb9DAa4GcyavVmzN9uDV_8CjfUlFfIHjZh24A |
| ContentType | Conference Proceeding Journal Article |
| Copyright | 2002 ACM 2004 INIST-CNRS |
| Copyright_xml | – notice: 2002 ACM – notice: 2004 INIST-CNRS |
| DBID | IQODW 7SC 8FD JQ2 L7M L~C L~D |
| DOI | 10.1145/581339.581370 |
| DatabaseName | Pascal-Francis Computer and Information Systems Abstracts Technology Research Database ProQuest Computer Science Collection Advanced Technologies Database with Aerospace Computer and Information Systems Abstracts Academic Computer and Information Systems Abstracts Professional |
| DatabaseTitle | Computer and Information Systems Abstracts Technology Research Database Computer and Information Systems Abstracts – Academic Advanced Technologies Database with Aerospace ProQuest Computer Science Collection Computer and Information Systems Abstracts Professional |
| DatabaseTitleList | Computer and Information Systems Abstracts Computer and Information Systems Abstracts |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Applied Sciences Computer Science |
| EndPage | 240 |
| ExternalDocumentID | 16076004 |
| Genre | Conference Paper |
| GroupedDBID | 6IE 6IF 6IH 6IK 6IL 6IN AAJGR AAVQY ACM ADPZR ALMA_UNASSIGNED_HOLDINGS APO BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK GUFHI IEGSK IERZE OCL RIB RIC RIE RIL RIO -~X .4S .DC 123 23M 29O 5VS 6IM 8US AAWTH ABLEC ADZIZ AFFNX ARCSS AVWKF CHZPO EDO FEDTE I-F I07 IJVOP IPLJI IQODW M43 RIG RNS XOL 7SC 8FD JQ2 L7M L~C L~D ADFMO LHSKQ |
| ID | FETCH-LOGICAL-a313t-bb124133d87b288a3bbfe62c6327bcc9d605134ee01877ca66e2eaa2bf218b803 |
| ISBN | 158113472X 9781581134728 |
| ISSN | 0270-5257 |
| IngestDate | Fri Jul 11 16:35:18 EDT 2025 Fri Sep 05 05:14:08 EDT 2025 Wed Apr 02 07:19:04 EDT 2025 Wed Jan 31 06:46:06 EST 2024 |
| IsDoiOpenAccess | false |
| IsOpenAccess | true |
| IsPeerReviewed | false |
| IsScholarly | true |
| Keywords | Sensitivity analysis Software development Information system Risk assessment Safety Cost benefit analysis Risk analysis Software engineering |
| Language | English |
| License | Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from Permissions@acm.org CC BY 4.0 |
| LinkModel | OpenURL |
| MeetingName | ICSE02: International Conference on Software Engineering |
| MergedId | FETCHMERGED-LOGICAL-a313t-bb124133d87b288a3bbfe62c6327bcc9d605134ee01877ca66e2eaa2bf218b803 |
| Notes | SourceType-Scholarly Journals-2 ObjectType-Feature-2 ObjectType-Conference Paper-1 content type line 23 SourceType-Conference Papers & Proceedings-1 ObjectType-Article-3 content type line 25 |
| PQID | 27716081 |
| PQPubID | 23500 |
| PageCount | 9 |
| ParticipantIDs | proquest_miscellaneous_27716081 acm_books_10_1145_581339_581370 pascalfrancis_primary_16076004 proquest_miscellaneous_31548821 acm_books_10_1145_581339_581370_brief |
| PublicationCentury | 2000 |
| PublicationDate | 2002-01-01 |
| PublicationDateYYYYMMDD | 2002-01-01 |
| PublicationDate_xml | – month: 01 year: 2002 text: 2002-01-01 day: 01 |
| PublicationDecade | 2000 |
| PublicationPlace | New York, NY, USA |
| PublicationPlace_xml | – name: New York, NY, USA – name: New York NY |
| PublicationSeriesTitle | ACM Conferences |
| PublicationTitle | Proceedings - International Conference on Software Engineering |
| PublicationYear | 2002 |
| Publisher | ACM |
| Publisher_xml | – name: ACM |
| SSID | ssj0000434513 ssj0006499 |
| Score | 2.0940275 |
| Snippet | Conducting cost-benefit analyses of architectural attributes such as security has always been difficult, because the benefits are difficult to assess.... |
| SourceID | proquest pascalfrancis acm |
| SourceType | Aggregation Database Index Database Publisher |
| StartPage | 232 |
| SubjectTerms | Applied sciences Computer science; control theory; systems Exact sciences and technology Security and privacy Social and professional topics -- Computing -- technology policy -- Computer crime Social and professional topics -- Professional topics -- Management of computing and information systems -- Implementation management -- Pricing and resource allocation Social and professional topics -- Professional topics -- Management of computing and information systems -- Project and people management Social and professional topics -- Professional topics -- Management of computing and information systems -- Software management Software Software engineering |
| Subtitle | a cost-benefit approach |
| Title | Security attribute evaluation method |
| URI | https://www.proquest.com/docview/27716081 https://www.proquest.com/docview/31548821 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwnV1NT9wwELUKp96oWNSlBXKAEwpdj53EHFeoFaoEQgIkbpbH64hLAyJBSP31nYnzsbtQofaSTawk3syM7DdjzxshDqWHcgHoUnSFT7UOmOKsNCm5zhmSUfkMOBv54jI_v9U_77K7sUhrm13S4In__WZeyf9oldpIr5wl-w-aHV5KDXRO-qUjaZiOa-D3zXnmamis-6V-0M39WpRvzOnjhYFrGnZfeLfXEhHhstlcd_Xsjl0Ta2GFJULwrt704MLzZqJYt-vevVTH85M4RjF3ck1KvljqezW8AGvhhXlH9tx6nDIzklNP2wLow5DXxSfj7AmRfOn1wKyZw4KeV6RG_ilmG2KjMDKm3A1hsZlWOlaDHDvrmLn6a9NTpers28oLGWD4X7y71dVk4GWsTPJqkm2Rw82WmIwySEaFfRIfQrUtDntxJ4O4k1HcSRT3RNz--H5zdp52dStSp6RqUkTJq5VqYQoEY5xCLEMOPldQoPenC3Ih6UtC4IKIhXd5HiA4B1gS3kIzUztis3qowmeRlC7n7GYAhrp4KpEQh0QsCGhrAO-m4oA-2bJN1jbmmGc2CsVGoUzF0Tt3WCSrKKdif0Vs9jGynVhmICRUrKmrXo6WhiBeV3JVeHiuLRTkdBO0_Psdih1jA3L33b_7RXwcrfCr2GyensMewb4G91tD-QOJDlD3 |
| linkProvider | IEEE |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=Proceedings+of+the+24th+International+Conference+on+Software+Engineering&rft.atitle=Security+attribute+evaluation+method&rft.au=Butler%2C+Shawn+A.&rft.series=ACM+Conferences&rft.date=2002-01-01&rft.pub=ACM&rft.isbn=158113472X&rft.spage=232&rft.epage=240&rft_id=info:doi/10.1145%2F581339.581370 |
| thumbnail_l | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=0270-5257&client=summon |
| thumbnail_m | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=0270-5257&client=summon |
| thumbnail_s | http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=0270-5257&client=summon |