A Decision-Theoretic Approach to Measuring Security

dc.contributor.author Port, Dan
dc.contributor.author Wilf, Joel
dc.date.accessioned 2016-12-29T02:15:14Z
dc.date.available 2016-12-29T02:15:14Z
dc.date.issued 2017-01-04
dc.description.abstract The question “is this system secure?” is notoriously difficult to answer. The question implies that there is a system-wide property called “security,” which we can measure with some meaningful threshold of sufficiency. In this concept paper, we discuss the difficulty of measuring security sufficiency, either directly or through proxy such as the number of known vulnerabilities. We propose that the question can be better addressed by measuring confidence and risk in the decisions that depend on security. A novelty of this approach is that it integrates use of both subjective information (e.g. expert judgment) and empirical data. We investigate how this approach uses well-known methods from the discipline of decision-making under uncertainty to provide a more rigorous and useable measure of security sufficiency.
dc.format.extent 10 pages
dc.identifier.doi 10.24251/HICSS.2017.737
dc.identifier.isbn 978-0-9981331-0-2
dc.identifier.uri http://hdl.handle.net/10125/41901
dc.language.iso eng
dc.relation.ispartof Proceedings of the 50th Hawaii International Conference on System Sciences
dc.rights Attribution-NonCommercial-NoDerivatives 4.0 International
dc.rights.uri https://creativecommons.org/licenses/by-nc-nd/4.0/
dc.subject Security
dc.subject Assurance
dc.subject Decision
dc.subject Risk
dc.subject Mesurement
dc.title A Decision-Theoretic Approach to Measuring Security
dc.type Conference Paper
dc.type.dcmi Text
Original bundle
Now showing 1 - 1 of 1
No Thumbnail Available
458.48 KB
Adobe Portable Document Format