This Article 
 Bibliographic References 
 Add to: 
Risk-based Systems Security Engineering: Stopping Attacks with Intention
November-December 2004 (vol. 2 no. 6)
pp. 59-62
Government and industry increasingly rely on modern information systems (IS) for mission successes. But their critical IS must survive in hostile environments; thus, mission owners need systems security engineers to build systems that are secure against real-world attacks but not over-engineered against a particular one. By understanding which attacks are most likely and which risks are most serious, mission owners can make cost-effective countermeasures decisions. We describe a systems security-engineering methodology for enumerating system attacks, assessing risks, and choosing countermeasures that best mitigate the risks.
Index Terms:
Mordor, security systems, attack intentions, profiles, threat assessment
Shelby Evans, David Heinbuch, Elizabeth Kyule, John Piorkowski, James Wallner, "Risk-based Systems Security Engineering: Stopping Attacks with Intention," IEEE Security & Privacy, vol. 2, no. 6, pp. 59-62, Nov.-Dec. 2004, doi:10.1109/MSP.2004.109
Usage of this product signifies your acceptance of the Terms of Use.