TY  - JOUR
KW  - assurance level
KW  - assurance requirements
KW  - evaluation process
KW  - Information Security
KW  - ontological modelling
AU  - Alexandr Potij
AU  - Dmitrij Komin
AU  - Inna Rebriy
AB  -

This paper presents ontological modelling results from the security assurance domain. It examines problems associated with the process of evaluating assurance. Towards this purpose we propose a functional-linguistic approach to the evaluation of security assurance level. The approach is grounded in the ontological modelling of assurance requirements which are liable to evaluation, in the functional modelling of the evaluation process in IDEF0 and IDEF3 notations and in the introduction of linguistic variables to represent qualitative properties. We consider performance requirements on the scope, depth and rigour of the evaluation process and the requirements for objectivity, repeatability, reproducibility, impartiality and comparability of evaluation results. Thus, we propose a method of evaluating assurance requirements that incorporates object-oriented assurance ontological modelling, process-oriented assurance ontological modelling, development of decision criteria, and workflow modelling.

BT  - Information & Security: An International Journal
DA  - 2012
DO  - http://dx.doi.org/10.11610/isij.2809
IS  - 1
LA  - eng
M1  - 9

PY  - 2012
SP  - 108
EP  - 120
T2  - Information & Security: An International Journal
TI  - A Method of Evaluating Assurance Requirements
VL  - 28
ER  -