Publication Type: Journal Article
Source: Information & Security: An International Journal, Volume 28, Issue 1, Number 9, p.108-120 (2012)
Keywords: assurance level, assurance requirements, evaluation process, Information Security, ontological modelling
This paper presents ontological modelling results from the security assurance domain. It examines problems associated with the process of evaluating assurance. To this end, we propose a functional-linguistic approach to the evaluation of the security assurance level. The approach is grounded in the ontological modelling of the assurance requirements that are subject to evaluation, in the functional modelling of the evaluation process in IDEF0 and IDEF3 notations, and in the introduction of linguistic variables to represent qualitative properties. We consider performance requirements on the scope, depth and rigour of the evaluation process and the requirements for objectivity, repeatability, reproducibility, impartiality and comparability of evaluation results. Thus, we propose a method of evaluating assurance requirements that incorporates object-oriented assurance ontological modelling, process-oriented assurance ontological modelling, development of decision criteria, and workflow modelling.