SECR 2012 is over. You can learn about our current event at www.secrus.org.

Bridging the Gap between Security/Risk Assessment and Quality Evaluation Methods



An IT security vulnerability can be considered an inherent weakness in a target system that could be exploited by a threat source. Most vulnerable capabilities/attributes of a system can be identified, for instance, with security controls in order to evaluate the level of their weaknesses. Thus, understanding the current quality acceptability level achieved for vulnerable attributes can in turn help in assessing the risk and planning actions for improvement, i.e. risk reduction by implementing risk treatment from the impact standpoint. The underlying hypothesis in our proposal is that each identified attribute associated with the target entity to be controlled should show the highest quality satisfaction level as an elementary indicator. The higher the quality indicator value achieved for each attribute, the lower the vulnerability indicator value and therefore the potential impact. In the present work, we discuss the added value of supporting the IT security and risk assessment areas with measurement and evaluation methods and strategy, which are based on metrics and indicators. We also illustrate excerpts of an actual case study for the measurement and evaluation of a system security characteristic and its attributes, and its potential risk assessment.

Luis Olsina


Dr. Luis Olsina is Full Professor in the Engineering School at the National University of La Pampa (UNLPam), Argentina, and heads the Software and Web Engineering R&D group. His research interests include Web engineering, particularly, Web quality strategies, quality improvement, measurement and evaluation processes, evaluation methods and tools. In the last 16 years, he has published over 90 refereed papers, and participated in numerous regional and international events both as program committee chair and member. Recently, Luis and his colleagues have co-edited the book titled Web Engineering: Modeling and Implementing Web Applications published by Springer.

 

Elena Pesotskaya

Elena Pesotskaya is a Senior Lecturer in the School of Software Engineering, Software Management Department, at the National Research University Higher School of Economics, Moscow, Russian Federation. She develops training courses on Computer Science for the HSE Master's and Bachelor's programs. Elena works at Accenture as a project manager; since 2002 she has participated in IT projects with a focus on organization and methodology.

 

Guillermo Covella


Guillermo Covella is a part-time Professor in the Engineering School at the National University of La Pampa (UNLPam), Argentina, and also works in the GIDIS_Web R&D group. His research interests include Web quality, quality assurance and audit processes. Currently, he leads the software development department at the General Pico city hall, in La Pampa province, Argentina. He holds a master’s degree (MSE) from the National University of La Plata (UNLP), Argentina, and his thesis dissertation was on Quality in Use for Web apps. He has published about 15 refereed papers and participated in numerous regional and national conferences as a presenter.

 

Alexander Dieser


Alexander Dieser holds a System Analyst and Programmer diploma and is currently finishing the final project for the System Engineer degree in the Engineering School at the National University of La Pampa (UNLPam), Argentina. He also has a research scholarship in the GIDIS_Web group. He recently started his professional position as a software programmer in a regional IT company. He has participated as co-author in a couple of international papers.

 



© CEE-SECR 2012 • Email: contact@secrus.org