Published: August 4, 2008
Author(s)
Karen Scarfone
Conference
Name: Third Workshop on Security Metrics (Metricon 3.0)
Dates: 07/29/2008
Location: San Jose, California, United States
Citation: Evidence-Based, Good Enough, and Open, pp. 2
One of the holy grail questions in computer security is how secure are my organization systems? This paper describes our new approach to answering this question. This approach is distinguished from previous efforts in three ways: 1) uses evidence-based security decision-making, 2) produces good enough answers, and 3) relies on open specifications and standards.
One of the holy grail questions in computer security is how secure are my organization systems? This paper describes our new approach to answering this question. This approach is distinguished from previous efforts in three ways: 1) uses evidence-based security decision-making, 2) produces good...
See full abstract
One of the holy grail questions in computer security is how secure are my organization systems? This paper describes our new approach to answering this question. This approach is distinguished from previous efforts in three ways: 1) uses evidence-based security decision-making, 2) produces good enough answers, and 3) relies on open specifications and standards.
Hide full abstract
Keywords
risk assessment; Security Content Automation Protocol (SCAP); security metrology; technical security metrics
Control Families
None selected
