Exploring the role of assurance context in system security assurance evaluation: a conceptual model

Shao-Fang Wen (Department of Information Security and Communication Technology, Norwegian University of Science and Technology, Gjøvik, Norway)
Basel Katt (Department of Information Security and Communication Technology, Norwegian University of Science and Technology, Gjøvik, Norway)

Information and Computer Security

ISSN: 2056-4961

Article publication date: 3 October 2023

Issue publication date: 17 April 2024

Abstract

Purpose

Security assurance evaluation (SAE) is a well-established approach for assessing the effectiveness of security measures in systems. However, one aspect that is often overlooked in these evaluations is the assurance context in which they are conducted. This paper aims to explore the role of assurance context in system SAEs and proposes a conceptual model to integrate the assurance context into the evaluation process.

Design/methodology/approach

The conceptual model highlights the interrelationships between the various elements of the assurance context, including system boundaries, stakeholders, security concerns, regulatory compliance and assurance assumptions.

Findings

By introducing the proposed conceptual model, this research provides a framework for incorporating the assurance context into SAEs and offers insights into how it can influence the evaluation outcomes.

Originality/value

By delving into the concept of assurance context, this research seeks to shed light on how it influences the scope, methodologies and outcomes of assurance evaluations, ultimately enabling organizations to strengthen their system security postures and mitigate risks effectively.

Acknowledgements

This research work is financially supported by the Research Council of Norway through the SFI-Norwegian Centre for Cybersecurity in Critical Sectors (NORCICS, NFR project number: 310105).

Conflict of interests: The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Funding: The Research Council of Norway financially supports this research work through the SFI-Norwegian Centre for Cybersecurity in Critical Sectors (NORCICS, NFR project number: 310105).

Citation

Wen, S.-F. and Katt, B. (2024), "Exploring the role of assurance context in system security assurance evaluation: a conceptual model", Information and Computer Security, Vol. 32 No. 2, pp. 159-178. https://doi.org/10.1108/ICS-06-2023-0101

Publisher: Emerald Publishing Limited

Copyright © 2023, Emerald Publishing Limited
