A method is described that takes into account the investments done in the security and/or achieved security confidence in planning new security measures. The method uses new integral security metrics and the well-known graded security model. A precondition for the application of this method is the availability of expert knowledge or statistical data for the model in use that describes a class of situations where the analyzed security situation belongs to. For a number of situations at present, this information has been extracted from standards of graded security. For specific military communications applications the data must be collected from a log analysis of characteristic attacks and security reports, as well as by the traditional knowledge acquisition means.
Kivimaa, J; Ojamaa, A.; Tõugu, E. (2009). Managing Evolving Security Situations. MILCOM 2009: Unclassified Proceedings, October 18-21, 2009, Boston, MA. Piscataway, NJ: IEEE, 2009, pp 1-7.