|Author(s):||D G. Marks|
|Title:||Towards a Measurement Technique for Risk Management|
|Published:||October 20, 1999|
|Abstract:||The field of computer security is impeded by a lack of objective, quantitative measures. As a result, most systems, whether theoretical or actual, attempt to avoid, rather than manage, risk. Risk management requires looking at the complete protect, detect, and react system security features. If a non-deducibility security model is used, the effort necessary for certain successful attacks may be measured using statistical and probabilistic methods. The probability of detection (via the intrusion detection system) may similarly be defined. Additional noise will reduce the probability of a successful attack while raising the probability of detection. The Technique therefore provides quantifiable risk management, integrating both the protect and detect functions.|
|Proceedings:||Proceedings of the 21st National Information Systems Security Conference|
|Dates:||October 18-21, 1999|
|Keywords:||intrusion detection, non-deducibility, risk management|
|Research Areas:||Information Technology, Computer Security|