36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the (2003)
Big Island, Hawaii
Jan. 6, 2003 to Jan. 9, 2003
Rayford B. Vaughn, Jr. , Mississippi State University
Ronda Henning , Harris Corporation
Ambareen Siraj , Mississippi State University
The term "assurance" has been used for decades in trusted system development as an expression of confidence that one has in the strength of mechanisms or countermeasures. One of the unsolved problems of security engineering is the adoption of measures or metrics that can reliably depict the assurance associated with a specific hardware and software system. This paper reports on a recent attempt to focus requirements in this area by examining those currently in use. It then suggests a categorization of Information Assurance (IA) metrics that may be tailored to an organization?s needs 1. We believe that the provision of security mechanisms in systems is a subset of the systems engineering discipline having a large software-engineering correlation. There is general agreement that no single system metric or any "one-prefect" set of IA metrics applies across all systems or audiences. The set most useful for an organization largely depends on their IA goals, their technical, organizational and operational needs, and the financial, personnel, and technical resources that are available.
A. Siraj, R. Henning and R. B. Vaughn, Jr., "Information Assurance Measures and Metrics — State of Practice and Proposed Taxonomy," 36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the(HICSS), Big Island, Hawaii, 2003, pp. 331c.