Towards a Measurement Technique for Risk Management



D G. Marks


The field of computer security is impeded by a lack of objective, quantitative measures. As a result, most systems, whether theoretical or actual, attempt to avoid, rather than manage, risk. Risk management requires looking at the complete set of protect, detect, and react security features of a system. If a non-deducibility security model is used, the effort necessary for certain successful attacks may be measured using statistical and probabilistic methods. The probability of detection (via the intrusion detection system) may similarly be defined. Additional noise will reduce the probability of a successful attack while raising the probability of detection. The technique therefore provides quantifiable risk management, integrating both the protect and detect functions.
Proceedings Title: Proceedings of the 21st National Information Systems Security Conference
Conference Dates: October 18-21, 1999
Conference Location: Arlington, VA


intrusion detection, non-deducibility, risk management


Marks, D. (1999), Towards a Measurement Technique for Risk Management, Proceedings of the 21st National Information Systems Security Conference, Arlington, VA (Accessed February 23, 2024)
Created October 20, 1999, Updated February 19, 2017