Dynamically changing environments and threat landscapes require adaptive information security. Adaptive information security\nmakes it possible to change and modify security mechanisms at runtime. Hence, all security decisions are not enforced at designtime.\nThis paper builds a framework to compare security adaptation approaches. The framework contains three viewpoints, that\nis, adaptation, security, and lifecycle. Furthermore, the paper describes five security adaptation approaches and compares them by\nmeans of the framework. The comparison reveals that the existing security adaptation approaches widely cover the information\ngathering. However, the compared approaches do not describe how to decide amethod to performa security adaptation. Similarly,\nmeans how to provide input knowledge for the security adaptation is not covered. Hence, these research areas have to be covered\nin the future. The achieved results are applicable for software developers when selecting a security adaptation approach and for\nresearchers when considering future research items.
Loading....