Litcius/Paper detail

Exploring the role of assurance context in system security assurance evaluation: a conceptual model

Shao-Fang Wen, Basel Katt

2023Information and Computer Security16 citationsDOIOpen Access PDF

Abstract

Purpose Security assurance evaluation (SAE) is a well-established approach for assessing the effectiveness of security measures in systems. However, one aspect that is often overlooked in these evaluations is the assurance context in which they are conducted. This paper aims to explore the role of assurance context in system SAEs and proposes a conceptual model to integrate the assurance context into the evaluation process. Design/methodology/approach The conceptual model highlights the interrelationships between the various elements of the assurance context, including system boundaries, stakeholders, security concerns, regulatory compliance and assurance assumptions and regulatory compliance. Findings By introducing the proposed conceptual model, this research provides a framework for incorporating the assurance context into SAEs and offers insights into how it can influence the evaluation outcomes. Originality/value By delving into the concept of assurance context, this research seeks to shed light on how it influences the scope, methodologies and outcomes of assurance evaluations, ultimately enabling organizations to strengthen their system security postures and mitigate risks effectively.

Topics & Concepts

Scope (computer science)Context (archaeology)Information assuranceConceptual modelSoftware security assuranceConceptual frameworkProcess managementProcess (computing)Quality assuranceOriginalityRisk analysis (engineering)Knowledge managementComputer scienceBusinessInformation securityEngineeringComputer securityOperations managementSecurity serviceQualitative researchSociologyBiologySocial scienceOperating systemPaleontologyDatabaseProgramming languageExternal quality assessmentInformation and Cyber SecuritySoftware Engineering Techniques and PracticesAdvanced Software Engineering Methodologies
Exploring the role of assurance context in system security assurance evaluation: a conceptual model | Litcius