30th Annual International Computer Software and Applications Conference (COMPSAC'06)
Chicago, Illinois
September 17-September 21
ISBN: 0-7695-2655-1
O. Sami Saydjari, Cyber Defense Agency, LLC, USA
What gets measured gets done. Security engineering as a discipline is still in its infancy. The field is hampered by its lack of adequate measures of goodness. Without such a measure, it is difficult to judge progress and it is particularly difficult to make engineering trade-off decisions when designing systems.

The qualities of a good metric include that it: (1) measures the right thing, (2) is quantitatively measurable, (3) can be measured accurately, (4) can be validated against ground truth, and (5) is repeatable.

By "measures the right thing", we mean that it measures some set of attributes that directly correlates with how close the system is to meeting some stated goal. For system security, we see the right goal as "freedom from the possibility of suffering damage or loss from malicious attack." Damage or loss applies to the mission effectiveness of the information infrastructure of a system. The mission can be maximizing profits while making quality cars, or it could be defending an entire nation against foreign incursion.

Citation:
O. Sami Saydjari, "Risk: A Good System Security Measure," compsac, vol. 1, pp. 37-38, 30th Annual International Computer Software and Applications Conference (COMPSAC'06), 2006