ScholarSpace will be down for maintenance on Thursday (8/16) at 8am HST (6pm UTC)
Please use this identifier to cite or link to this item:

A Decision-Theoretic Approach to Measuring Security

File SizeFormat 
paper0752.pdf458.48 kBAdobe PDFView/Open

Item Summary

Title: A Decision-Theoretic Approach to Measuring Security
Authors: Port, Dan
Wilf, Joel
Keywords: Security
Issue Date: 04 Jan 2017
Abstract: The question “is this system secure?” is notoriously difficult to answer. The question implies that there is a system-wide property called “security,” which we can measure with some meaningful threshold of sufficiency. In this concept paper, we discuss the difficulty of measuring security sufficiency, either directly or through proxy such as the number of known vulnerabilities. We propose that the question can be better addressed by measuring confidence and risk in the decisions that depend on security. A novelty of this approach is that it integrates use of both subjective information (e.g. expert judgment) and empirical data. We investigate how this approach uses well-known methods from the discipline of decision-making under uncertainty to provide a more rigorous and useable measure of security sufficiency.
Pages/Duration: 10 pages
ISBN: 978-0-9981331-0-2
DOI: 10.24251/HICSS.2017.737
Rights: Attribution-NonCommercial-NoDerivatives 4.0 International
Appears in Collections:IS Risk and Decision-Making Minitrack

Please email if you need this content in an ADA-compliant format.

Items in ScholarSpace are protected by copyright, with all rights reserved, unless otherwise indicated.