By Topic

Justifying information security investments in web software: (Quantitative techno-business modeling approach)

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

4 Author(s)
Zoric, J. ; Telenor GBD&R, Norwegian Univ. of Sci. & Technol., Trondheim, Norway ; Helme, A. ; Kvalheim, H. ; Sundve, E.

Security of services and platforms is a vital and complex aspect, which requires significant investments. We use a techno-business modeling (TBM) approach for analysis of service platform security, aiming at justifying the information security investments during the life-cycle of a web software platform. Techno-business environment influences the above-mentioned models and scenarios. It is analyzed by drivers and driver-based scenarios. The TBM had to be extended for security analyses. We have added the set of security drivers and scenarios, in order to model the effect of misuse cases (triggered by security breaches). After simulation of security breaches and misuse cases, their influence on the rest of the environmental drivers (and the TBM models and scenarios) is calculated. Quantitative analysis (value and cash flow based valuation) captured both the short-term and the long-term effects of the misuse cases. We demonstrate our modeling approach on the proof-of-the-concept case: web software solution for service delivery to social network sites.

Published in:

Future Network and Mobile Summit, 2010

Date of Conference:

16-18 June 2010