Publication Citation: Towards a Measurement Technique for Risk Management

Author(s): D G. Marks
Title: Towards a Measurement Technique for Risk Management
Published: October 20, 1999
Abstract: The field of computer security is impeded by a lack of objective, quantitative measures. As a result, most systems, whether theoretical or actual, attempt to avoid, rather than manage, risk. Risk management requires looking at the complete protect, detect, and react system security features. If a non-deducibility security model is used, the effort necessary for certain successful attacks may be measured using statistical and probabilistic methods. The probability of detection (via the intrusion detection system) may similarly be defined. Additional noise will reduce the probability of a successful attack while raising the probability of detection. The Technique therefore provides quantifiable risk management, integrating both the protect and detect functions.
Proceedings: Proceedings of the 21st National Information Systems Security Conference
Location: Arlington, VA
Dates: October 18-21, 1999
Keywords: intrusion detection; non-deducibility; risk management
Research Areas: Information Technology, Computer Security