Cybersecurity Framework Requirements to Quantify Vulnerabilities Based on GQM

  • Conference paper
National Cyber Summit (NCS) Research Track (NCS 2019)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1055)

Abstract

Of particular importance for an organization building an effective and comprehensive secure system is a mechanism that provides a standard framework free from vulnerabilities. Cybersecurity experts and security requirements engineers have been addressing security issues that originated from cybersecurity requirements. Many security issues can be avoided if the security requirements are configured appropriately. In this paper, we propose a hierarchical security requirements model based on the Goal Question Metrics (GQM) approach and its application, mapped to security standards, toward constructing vulnerability measurements at the early stage of the security development of the system design.

Author information

Corresponding author

Correspondence to Mohammad Shojaeshafiei.

Copyright information

© 2020 Springer Nature Switzerland AG

Cite this paper

Shojaeshafiei, M., Etzkorn, L., Anderson, M. (2020). Cybersecurity Framework Requirements to Quantify Vulnerabilities Based on GQM. In: Choo, KK., Morris, T., Peterson, G. (eds) National Cyber Summit (NCS) Research Track. NCS 2019. Advances in Intelligent Systems and Computing, vol 1055. Springer, Cham. https://doi.org/10.1007/978-3-030-31239-8_20
