Projects per year
Abstract
The assurance technique is a fundamental component of the assurance ecosystem; it is the mechanism by which we assess security to derive a measure of assurance. Despite this importance, the characteristics of these assurance techniques have not been comprehensively explored within academic research from the perspective of industry stakeholders. Here, a framework of 20 “assurance techniques” is defined along with their interdependencies. A survey was conducted which received 153 responses from industry stakeholders, in order to determine perceptions of the characteristics of these assurance techniques. These characteristics include the expertise required, number of people required, time required for completion, effectiveness and cost. The extent to which perceptions differ between those in practitioner and management roles is considered. The findings were then used to compute a measure of cost-effectiveness for each assurance technique. Survey respondents were also asked about their perceptions of complementary assurance techniques. These findings were used to establish 15 combinations, of which the combined effectiveness and cost-effectiveness was assessed.
Original language | English |
---|---|
Pages (from-to) | 117-133 |
Number of pages | 17 |
Journal | Computers and Security |
Volume | 60 |
Early online date | 14 Apr 2016 |
DOIs | |
Publication status | Published - Jul 2016 |
Research Groups and Themes
- Cyber Security
Fingerprint
Dive into the research topics of 'Information assurance techniques: Perceived cost effectiveness'. Together they form a unique fingerprint.Projects
- 1 Finished
-
MUMBA: Multi-faceted Metrics for ICS Business Risk Analysis
Rashid, A. (Principal Investigator)
1/10/14 → 31/12/17
Project: Research