Combining Disparate Information Sources when Quantifying Security Risks

Author: Siv Hilde Houmb

DOI:

Keywords: Estimation; Risk analysis (engineering); Frequency of occurrence; Empirical data; IT risk management; Focus (computing); Computer science; Domain (software engineering); Order (exchange); Investment (macroeconomics)

Abstract: Managing risk involves deciding which risks to treat, which treatment to use and how to finance the treatment. Decision-makers need quantitative values to be able to optimize their investment and distribute the available resources effectively. Since security attacks are future events, we have a limited number of information sources for estimation. In order to quantify the frequency of occurrence, the impact of an incident and the effect of alternative treatment options, we combine empirical and subjective data to obtain a reasonable data set. This paper presents an approach to quantifying security risks using disparate data, such as experience from similar incidents and the knowledge of domain experts. We look at four different approaches by discussing the results of an experiment conducted with undergraduate students at NTNU, Norway. The overall focus is on providing support for cost-benefit analysis and the trade-off between cost and making the most of the available resources. However, the main focus is on studying the input into expert judgments.
