An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Towards a Measurement Technique for Risk Management
Published
Author(s)
D G. Marks
Abstract
The field of computer security is impeded by a lack of objective, quantitative measures. As a result, most systems, whether theoretical or actual, attempt to avoid, rather than manage, risk. Risk management requires looking at the complete protect, detect, and react system security features. If a non-deducibility security model is used, the effort necessary for certain successful attacks may be measured using statistical and probabilistic methods. The probability of detection (via the intrusion detection system) may similarly be defined. Additional noise will reduce the probability of a successful attack while raising the probability of detection. The Technique therefore provides quantifiable risk management, integrating both the protect and detect functions.
Proceedings Title
Proceedings of the 21st National Information Systems Security Conference
Marks, D.
(1999),
Towards a Measurement Technique for Risk Management, Proceedings of the 21st National Information Systems Security Conference, Arlington, VA
(Accessed February 19, 2025)