Combining Disparate Information Sources when Quantifying Operational Security

Author

  • Siv Hilde Houmb
Abstract

Quantitative estimation of security attributes makes it possible to do cost-effective development of security-critical systems. By predicting the impact and cost of potential misuses, as well as the cost and effect of security treatment strategies, one can treat security risks at the right time for the correct cost. The Aspect-Oriented Risk-Driven Development (AORDD) framework supports cost-effective development through its Bayesian Belief Network (BBN) based cost-benefit trade-off analysis and estimation repositories. Estimation of misuse and treatment strategy attributes is done using disparate information sources. The AORDD framework supports two types of information sources: empirical or observable data and expert opinions.

Similar resources

Combining Disparate Information Sources when Quantifying Security Risks

Managing risk involves making decisions on which risks to treat, what treatment to use and how to finance the treatment. Decision-makers need quantitative values to be able to optimize their investment and to effectively distribute the resources available. Since security attacks are future events we have a limited amount of information sources for estimation. In order to quantify frequency of occu...

Users as the Biggest Threats to Security of Health Information Systems

There is a lot of research in the world about attacks on information systems (IS). Although there have been many attempts to classify threats of IS’s especially in Health Information Systems (HIS), it is still necessary for all health organizations to identify new threats and their sources which threaten security of health care domain. The main aim of this paper is to present a research agend...

Quantifying the Security of Composed Systems

The authors recommend to quantify the security of a complex system by first quantifying the security of its components, and, in a second step, by calculating the overall security according to a given method. This paper summarizes the state of the art of security measures for components and presents a new method for combining these measures into the system’s security. The proposed method starts ...

Trust-Based Security Level Evaluation Using Bayesian Belief Networks

Security is not merely about technical solutions and patching vulnerabilities. Security is about trade-offs and adhering to realistic security needs, employed to support core business processes. Also, modern systems are subject to a highly competitive market, often demanding rapid development cycles, short life-time, short time-to-market, and small budgets. Security evaluation standards, such a...

Quantifying the correctness, computational complexity, and security of privacy-preserving string comparators for record linkage

Record linkage is the task of identifying records from disparate data sources that refer to the same entity. It is an integral component of data processing in distributed settings, where the integration of information from multiple sources can prevent duplication and enrich overall data quality, thus enabling more detailed and correct analysis. Privacy-preserving record linkage (PPRL) is a vari...

Publication date: 2005