
Related characteristics

suitability
accuracy
compliance
interoperability
security
traceability

Security

 


Description

Attributes of software that bear on its ability to prevent unauthorised access, whether accidental or deliberate, to programs and data.

Indicators

1. resistance

Estimate of the probability that, with a certain amount of effort (time, money, equipment), the software security measures will not be bypassed.

Source: QUINT

Scale: ratio

Validity: **

Protocol:

1. Find a security expert;

2. The expert determines the probability based on the software security measures.

Note: The participants could also decide to consult the security expert on which measures and design decisions to implement to ensure a certain degree of security.

2. hacker-resistance

A group of renowned hackers will be unable to infringe on the software product within a predefined period of time, even though physical access to the software product exists.

Source: QUINT

Scale: ordinal

Validity: **

Protocol:

1. Select a group of renowned hackers;

2. Determine the time put at their disposal;

3. If, after this trial period, not one hacker has succeeded in infringing on the software product, it is said to be hacker-resistant.

Note: These indicators only deal with software measures. Security can be considerably improved by physical and organisational measures.

3. ciphered data ratio

The ratio of ciphered data to the data to be ciphered.

Source: ISO

Note: A higher value is preferred.

4. access history ratio

The ratio of confidential information that has access histories to all confidential information.

Source: ISO

5. data damage ratio

The number of times per month that any data was damaged.

Source: ISO