Exploring the role of assurance context in system security assurance evaluation: a conceptual model
Information and Computer Security
ISSN: 2056-4961
Article publication date: 3 October 2023
Issue publication date: 17 April 2024
Abstract
Purpose
Security assurance evaluation (SAE) is a well-established approach for assessing the effectiveness of security measures in systems. However, one aspect that is often overlooked in these evaluations is the assurance context in which they are conducted. This paper aims to explore the role of assurance context in system SAEs and proposes a conceptual model to integrate the assurance context into the evaluation process.
Design/methodology/approach
The conceptual model highlights the interrelationships between the various elements of the assurance context, including system boundaries, stakeholders, security concerns, regulatory compliance and assurance assumptions and regulatory compliance.
Findings
By introducing the proposed conceptual model, this research provides a framework for incorporating the assurance context into SAEs and offers insights into how it can influence the evaluation outcomes.
Originality/value
By delving into the concept of assurance context, this research seeks to shed light on how it influences the scope, methodologies and outcomes of assurance evaluations, ultimately enabling organizations to strengthen their system security postures and mitigate risks effectively.
Keywords
Acknowledgements
This research work is financially supported by the Research Council of Norway through the SFI-Norwegian Centre for Cybersecurity in Critical Sectors (NORCICS, NFR project number: 310105).
Conflict of interests: The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Funding: The Research Council of Norway financially supports this research work through the SFI-Norwegian Centre for Cybersecurity in Critical Sectors (NORCICS, NFR project number: 310105).
Citation
Wen, S.-F. and Katt, B. (2024), "Exploring the role of assurance context in system security assurance evaluation: a conceptual model", Information and Computer Security, Vol. 32 No. 2, pp. 159-178. https://doi.org/10.1108/ICS-06-2023-0101
Publisher
:Emerald Publishing Limited
Copyright © 2023, Emerald Publishing Limited