A Decision-Theoretic Approach to Measuring Security

dc.contributor.authorPort, Dan
dc.contributor.authorWilf, Joel
dc.date.accessioned2016-12-29T02:15:14Z
dc.date.available2016-12-29T02:15:14Z
dc.date.issued2017-01-04
dc.description.abstractThe question “is this system secure?” is notoriously difficult to answer. The question implies that there is a system-wide property called “security,” which we can measure with some meaningful threshold of sufficiency. In this concept paper, we discuss the difficulty of measuring security sufficiency, either directly or through proxy such as the number of known vulnerabilities. We propose that the question can be better addressed by measuring confidence and risk in the decisions that depend on security. A novelty of this approach is that it integrates use of both subjective information (e.g. expert judgment) and empirical data. We investigate how this approach uses well-known methods from the discipline of decision-making under uncertainty to provide a more rigorous and useable measure of security sufficiency.
dc.format.extent10 pages
dc.identifier.doi10.24251/HICSS.2017.737
dc.identifier.isbn978-0-9981331-0-2
dc.identifier.urihttp://hdl.handle.net/10125/41901
dc.language.isoeng
dc.relation.ispartofProceedings of the 50th Hawaii International Conference on System Sciences
dc.rightsAttribution-NonCommercial-NoDerivatives 4.0 International
dc.rights.urihttps://creativecommons.org/licenses/by-nc-nd/4.0/
dc.subjectSecurity
dc.subjectAssurance
dc.subjectDecision
dc.subjectRisk
dc.subjectMesurement
dc.titleA Decision-Theoretic Approach to Measuring Security
dc.typeConference Paper
dc.type.dcmiText

Files

Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
paper0752.pdf
Size:
458.48 KB
Format:
Adobe Portable Document Format