Risk assessment for large heterogeneous systems

A
ACSAC
1997
13th Annual Computer Security Applications Conference (ACSAC '97)
Abstract - Risk assessment for large heterogeneous systems

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by J.W. Freeman Articles by T.C. Darr Articles by R.B. Neely

13th Annual Computer Security Applications Conference (ACSAC '97)

San Diego, CA

December 08-December 12

ISBN: 0-8186-8274-4

	ASCII Text	x
	J.W. Freeman, T.C. Darr, R.B. Neely, "Risk assessment for large heterogeneous systems," Computer Security Applications Conference, Annual, pp. 44, 13th Annual Computer Security Applications Conference (ACSAC '97), 1997.

	BibTex	x
	@article{ 10.1109/CSAC.1997.646172, author = {J.W. Freeman and T.C. Darr and R.B. Neely}, title = {Risk assessment for large heterogeneous systems}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {1997}, isbn = {0-8186-8274-4}, pages = {44}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.1997.646172}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Risk assessment for large heterogeneous systems SN - 0-8186-8274-4 SP EP A1 - J.W. Freeman, A1 - T.C. Darr, A1 - R.B. Neely, PY - 1997 KW - security of data; security risk assessment process; large heterogeneous systems; C/sup 4/I systems; weapon systems; subsystem-level approaches; risk assessment resource allocation; hybrid top-down system-wide approach; guided top-down approach; decision makers; approval-to-operate decision VL - 0 JA - Computer Security Applications Conference, Annual ER -

J.W. Freeman, Inf. Syst. Security Group, CTA Inc., Colorado Springs, CO, USA

T.C. Darr, Inf. Syst. Security Group, CTA Inc., Colorado Springs, CO, USA

R.B. Neely, Inf. Syst. Security Group, CTA Inc., Colorado Springs, CO, USA

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.1997.646172

This paper describes a security risk assessment process for large, heterogeneous systems of systems, such as C/sup 4/I or weapon systems. It first defines the characteristics of an effective security risk assessment process. Next, it discusses subsystem-level and top-down risk assessment approaches and describes their advantages and limitations. The paper then presents and discusses the characteristics and benefits of a hybrid top-down system-wide approach, termed a "guided top-down" approach. It summarizes the benefits of this approach, including (i) efficient and effective allocation of risk assessment resources (often scarce) at the subsystem level during development and implementation, and (ii) its ability to provide decision makers with understandable results on which to base an approval-to-operate decision.

Index Terms:

security of data; security risk assessment process; large heterogeneous systems; C/sup 4/I systems; weapon systems; subsystem-level approaches; risk assessment resource allocation; hybrid top-down system-wide approach; guided top-down approach; decision makers; approval-to-operate decision

Citation:

J.W. Freeman, T.C. Darr, R.B. Neely, "Risk assessment for large heterogeneous systems," acsac, pp.44, 13th Annual Computer Security Applications Conference (ACSAC '97), 1997

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.