Home > Research > Publications & Outputs > Information assurance techniques

Electronic data

  • information-assurance-techniques

    Rights statement: This is the author’s version of a work that was accepted for publication in Computers and Security. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in Computers and Security, 60, 2016 DOI: 10.1016/j.cose.2016.03.009

    Accepted author manuscript, 1.44 MB, PDF document

    Available under license: CC BY-NC-ND: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License

Links

Text available via DOI:

View graph of relations

Information assurance techniques: perceived cost effectiveness

Research output: Contribution to Journal/MagazineJournal articlepeer-review

Published

Standard

Information assurance techniques: perceived cost effectiveness. / Such, Jose M.; Gouglidis, Antonios; Knowles, William et al.
In: Computers and Security, Vol. 60, 07.2016, p. 117-133.

Research output: Contribution to Journal/MagazineJournal articlepeer-review

Harvard

APA

Vancouver

Such JM, Gouglidis A, Knowles W, Misra G, Rashid A. Information assurance techniques: perceived cost effectiveness. Computers and Security. 2016 Jul;60:117-133. Epub 2016 Apr 14. doi: 10.1016/j.cose.2016.03.009

Author

Bibtex

@article{eb22835176354a3db6701949d6844f6a,
title = "Information assurance techniques: perceived cost effectiveness",
abstract = "The assurance technique is a fundamental component of the assurance ecosystem; it is the mechanism by which we assess security to derive a measure of assurance. Despite this importance, the characteristics of these assurance techniques have not been comprehensively explored within academic research from the perspective of industry stakeholders. Here, a framework of 20 “assurance techniques” is defined along with their interdependencies. A survey was conducted which received 153 responses from industry stakeholders, in order to determine perceptions of the characteristics of these assurance techniques. These characteristics include the expertise required, number of people required, time required for completion, effectiveness and cost. The extent to which perceptions differ between those in practitioner and management roles is considered. The findings were then used to compute a measure of cost-effectiveness for each assurance technique. Survey respondents were also asked about their perceptions of complementary assurance techniques. These findings were used to establish 15 combinations, of which the combined effectiveness and cost-effectiveness was assessed.",
keywords = "Security, Assurance techniques, Perceptions, Security assessment, Effectiveness, Cost-effectiveness",
author = "Such, {Jose M.} and Antonios Gouglidis and William Knowles and Gaurav Misra and Awais Rashid",
note = "This is the author{\textquoteright}s version of a work that was accepted for publication in Computers and Security. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in Computers and Security, 60, 2016 DOI: 10.1016/j.cose.2016.03.009",
year = "2016",
month = jul,
doi = "10.1016/j.cose.2016.03.009",
language = "English",
volume = "60",
pages = "117--133",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier Ltd",

}

RIS

TY - JOUR

T1 - Information assurance techniques

T2 - perceived cost effectiveness

AU - Such, Jose M.

AU - Gouglidis, Antonios

AU - Knowles, William

AU - Misra, Gaurav

AU - Rashid, Awais

N1 - This is the author’s version of a work that was accepted for publication in Computers and Security. Changes resulting from the publishing process, such as peer review, editing, corrections, structural formatting, and other quality control mechanisms may not be reflected in this document. Changes may have been made to this work since it was submitted for publication. A definitive version was subsequently published in Computers and Security, 60, 2016 DOI: 10.1016/j.cose.2016.03.009

PY - 2016/7

Y1 - 2016/7

N2 - The assurance technique is a fundamental component of the assurance ecosystem; it is the mechanism by which we assess security to derive a measure of assurance. Despite this importance, the characteristics of these assurance techniques have not been comprehensively explored within academic research from the perspective of industry stakeholders. Here, a framework of 20 “assurance techniques” is defined along with their interdependencies. A survey was conducted which received 153 responses from industry stakeholders, in order to determine perceptions of the characteristics of these assurance techniques. These characteristics include the expertise required, number of people required, time required for completion, effectiveness and cost. The extent to which perceptions differ between those in practitioner and management roles is considered. The findings were then used to compute a measure of cost-effectiveness for each assurance technique. Survey respondents were also asked about their perceptions of complementary assurance techniques. These findings were used to establish 15 combinations, of which the combined effectiveness and cost-effectiveness was assessed.

AB - The assurance technique is a fundamental component of the assurance ecosystem; it is the mechanism by which we assess security to derive a measure of assurance. Despite this importance, the characteristics of these assurance techniques have not been comprehensively explored within academic research from the perspective of industry stakeholders. Here, a framework of 20 “assurance techniques” is defined along with their interdependencies. A survey was conducted which received 153 responses from industry stakeholders, in order to determine perceptions of the characteristics of these assurance techniques. These characteristics include the expertise required, number of people required, time required for completion, effectiveness and cost. The extent to which perceptions differ between those in practitioner and management roles is considered. The findings were then used to compute a measure of cost-effectiveness for each assurance technique. Survey respondents were also asked about their perceptions of complementary assurance techniques. These findings were used to establish 15 combinations, of which the combined effectiveness and cost-effectiveness was assessed.

KW - Security

KW - Assurance techniques

KW - Perceptions

KW - Security assessment

KW - Effectiveness

KW - Cost-effectiveness

U2 - 10.1016/j.cose.2016.03.009

DO - 10.1016/j.cose.2016.03.009

M3 - Journal article

VL - 60

SP - 117

EP - 133

JO - Computers and Security

JF - Computers and Security

SN - 0167-4048

ER -