Defining Standard Security Assurance Profile Towards Operational Security Assurance Evaluation of Large Telco Systems
21 December 2011
Operational security assurance evaluation is a task that consists of providing explicit evidence that the deployed, operational security mechanisms fulfill their respective security objectives. Evaluating security assurance of large live telecom systems is an arduous task, which requires complex and detailed modeling, corresponding measurements and interpretation of results. We propose to use a dedicated design pattern called Assurance Profile for security assurance modeling. This proposal originates from a joint industrial-academic research project and has just become a new telecommunications standard. In this paper, we propose a new holistic evaluation methodology relying on standard assurance profiles. Moreover, we discuss how this methodology, owing to standardization, could lead towards a practicable approach to security assurance evaluation of telecom systems.