In this paper, basic issues of measuring security as a system property are discussed. While traditional approaches to computer security metrics deal mostly with security at the enterprise or organizational level, fewer authors address security measurement at the operational level, that is, when the system is running. After reviewing some basic issues in security assessment, three possible ways of addressing the security measurement are outlined: theoretical, experimental and computational. The computational path in measuring security is pursued in more detail.
- software assurance
Available at: http://works.bepress.com/ajk/10/