Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).
NIST Authors in Bold
|Author(s):||Karen A. Scarfone;|
|Title:||Evidence-Based, Good Enough, and Open|
|Published:||August 04, 2008|
|Abstract:||One of the holy grail questions in computer security is how secure are my organization systems? This paper describes our new approach to answering this question. This approach is distinguished from previous efforts in three ways: 1) uses evidence-based security decision-making, 2) produces good enough answers, and 3) relies on open specifications and standards.|
|Conference:||Third Workshop on Security Metrics|
|Location:||San Jose, CA|
|Dates:||July 29, 2008|
|Keywords:||Risk assessment, Security Content Automation Protocol (SCAP), security metrology, technical security metrics|
|PDF version:||Click here to retrieve PDF version of paper (35KB)|