Publication Citation: Evidence-Based, Good Enough, and Open

Author(s): Karen A. Scarfone
Title: Evidence-Based, Good Enough, and Open
Published: August 04, 2008
Abstract: One of the holy grail questions in computer security is: how secure are my organization's systems? This paper describes our new approach to answering this question. This approach is distinguished from previous efforts in three ways: 1) uses evidence-based security decision-making, 2) produces good enough answers, and 3) relies on open specifications and standards.
Conference: Third Workshop on Security Metrics
Location: San Jose, CA
Dates: July 29, 2008
Keywords: Risk assessment; Security Content Automation Protocol (SCAP); security metrology; technical security metrics
Research Areas: Cybersecurity
PDF version: PDF document (35KB)