The TSAR procedure - Test of security assessment relevance and validity

Authors:

  • Johan Bengtsson
  • Jonas Hallberg
  • Amund Hunstad
  • Jacob Löfvenberg

Publish date: 2009-01-08

Report number: FOI-R--2624--SE

Pages: 75

Written in: English

Keywords:

  • Security assessment
  • relevance
  • validity

Abstract

A great number of security assessment methods exist today. They differ, for example, in their approach to performing security assessments, and the cost of performing an assessment can vary widely. To facilitate the choice of security assessment method, a formalized way of evaluating such methods is needed. This report presents the testing procedure TSAR, which is used to evaluate security assessment methods and thereby facilitates the process of choosing a method. The TSAR procedure describes to what degree a security assessment method fulfills the general qualities relevance and validity. Thus, test results indicate whether a security assessment method provides the needed security assessment results and whether the method is appropriate for the type of information system in question. To make it possible to calculate the degree of fulfillment of the identified qualities, a set of characteristics is also provided for each of the qualities.