Scarfone, K.
(2008),
Evidence-Based, Good Enough, and Open, Third Workshop on Security Metrics, San Jose, CA, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=890007
(Accessed June 9, 2023)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Evidence-Based, Good Enough, and Open
Published
Author(s)
Abstract
One of the holy grail questions in computer security is how secure are my organization systems? This paper describes our new approach to answering this question. This approach is distinguished from previous efforts in three ways: 1) uses evidence-based security decision-making, 2) produces good enough answers, and 3) relies on open specifications and standards.Conference Dates
July 29, 2008
Conference Location
San Jose, CA
Conference Title
Third Workshop on Security Metrics
Pub Type
Conferences
Download Paper
Keywords
Risk assessment, Security Content Automation Protocol (SCAP), security metrology, technical security metrics
Citation
Created August 4, 2008, Updated February 19, 2017