TY - GEN
T1 - Quantitative assessment for organisational security & dependability
AU - Asnar, Y.
AU - Felici, M.
AU - Massacci, F.
AU - Tedeschi, A.
AU - Yautsiukhin, A.
PY - 2009
Y1 - 2009
N2 - There are numerous metrics proposed to assess security and dependability of technical systems (e.g., number of defects per thousand lines of code). Unfortunately, most of these metrics are too low-level, and lack on capturing high-level system abstractions required for organisation analysis. The analysis essentially enables the organisation to detect and eliminate possible threats by system re-organisations or re-configurations. In other words, it is necessary to assess security and dependability of organisational structures next to implementations and architectures of systems. This paper focuses on metrics suitable for assessing security and dependability aspects of a socio-technical system and supporting decision making in designing processes. We also highlight how these metrics can help in making the system more effective in providing security and dependability by applying socio-technical solutions (i.e., organisation design patterns). © 2009 IEEE.
AB - There are numerous metrics proposed to assess security and dependability of technical systems (e.g., number of defects per thousand lines of code). Unfortunately, most of these metrics are too low-level, and lack on capturing high-level system abstractions required for organisation analysis. The analysis essentially enables the organisation to detect and eliminate possible threats by system re-organisations or re-configurations. In other words, it is necessary to assess security and dependability of organisational structures next to implementations and architectures of systems. This paper focuses on metrics suitable for assessing security and dependability aspects of a socio-technical system and supporting decision making in designing processes. We also highlight how these metrics can help in making the system more effective in providing security and dependability by applying socio-technical solutions (i.e., organisation design patterns). © 2009 IEEE.
U2 - 10.1109/DEPEND.2009.12
DO - 10.1109/DEPEND.2009.12
M3 - Conference contribution
SN - 9780769536668
T3 - Proceedings - 2009 2nd International Conference on Dependability, DEPEND 2009
SP - 40
EP - 45
BT - Proceedings - 2009 2nd International Conference on Dependability, DEPEND 2009
T2 - 2009 2nd International Conference on Dependability, DEPEND 2009
Y2 - 18 June 2009 through 23 June 2009
ER -