Marks, D.
(1999),
Towards a Measurement Technique for Risk Management, Proceedings of the 21st National Information Systems Security Conference, Arlington, VA
(Accessed April 24, 2024)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Towards a Measurement Technique for Risk Management
Published
Author(s)
Abstract
The field of computer security is impeded by a lack of objective, quantitative measures. As a result, most systems, whether theoretical or actual, attempt to avoid, rather than manage, risk. Risk management requires looking at the complete protect, detect, and react system security features. If a non-deducibility security model is used, the effort necessary for certain successful attacks may be measured using statistical and probabilistic methods. The probability of detection (via the intrusion detection system) may similarly be defined. Additional noise will reduce the probability of a successful attack while raising the probability of detection. The Technique therefore provides quantifiable risk management, integrating both the protect and detect functions.Proceedings Title
Proceedings of the 21st National Information Systems Security Conference
Conference Dates
October 18-21, 1999
Conference Location
Arlington, VA
Pub Type
Conferences
Keywords
intrusion detection, non-deducibility, risk management
Citation
Created October 20, 1999, Updated February 19, 2017