NIST logo

Publication Citation: Security Assurance Levels: A Vector Approach to Describing Security Requirements

NIST Authors in Bold

Author(s): James D. Gilsinn; Ragnar Schierholz;
Title: Security Assurance Levels: A Vector Approach to Describing Security Requirements
Published: October 20, 2010
Abstract: Safety systems have used the concept of safety integrity levels (SILs) for almost two decades. This allows the safety of a component or system to be represented by a single number that defines a protection factor required to ensure the health and safety of people or the environment based on the probability of failure of that component or system. The overall risk can be calculated based on the consequences that those failures could potentially have. Security systems have much broader application, a much broader set of consequences, and a much broader set of possible circumstances leading up to a possible event. The increased complexity of security systems makes compressing the protection factor down to a single number much more difficult. The concept of a vector of Security Assurance Levels (SALs) to describe the protection factor needed to ensure the security of a system is introduced in this paper.
Citation: OTHER -
Pages: 13 pp.
Keywords: security; assurance; level; sal; vector; requirement; isa; isa99; industrial; automation; control; system; iacs
Research Areas: Computer Security, Cybersecurity, Cybersecurity, Collaborations, Standards Development Organizations (SDO), Threats & Vulnerabilities, Networking, International Standards, Homeland Security, Critical Infrastructure Protection (CIP), Documentary Standards, Industry, Standards, Information Technology, Public Safety/Security
PDF version: PDF Document Click here to retrieve PDF version of paper (662KB)