ABSTRACT
However, defining all scenarios for all IT processes is very complex and not always
possible. When a scenario is not defined, the security mechanisms of the specific
IT process may not be evaluated. The QoP evaluation of security mechanisms can be
done as part of either the risk analysis process or the decision support system in
which appropriate configuration mechanisms are defined in an adaptable way. Thus,
due to the lack of QoP evaluation of security mechanisms, the action relevant to the
situation would not be performed by the risk analysis process or decision support
system. This advantage is of particular importance in real-time systems. In this
chapter, the model of QoP evaluation of security mechanisms is presented, and the
evaluation can be made for configurations of security mechanisms that are not
directly defined. The basis of the model can be found in [47]. Moreover, the
Security Mechanisms Evaluation Tool (SMETool) is implemented to support the method
presented and can be applied by either researchers or security engineers.
The SMETool can be downloaded from the web page of the Quality of Protection
Modeling Language Project [7].