Risk-based security engineering through the eyes of the adversary

Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop Pub Date : 2005-06-15 DOI:10.1109/IAW.2005.1495947

S. Evans, James Wallner

引用次数: 36

Abstract

Today, security engineering for complex systems is typically done as an ad hoc process. Taking a risk-based security engineering approach replaces today's ad hoc methods with a more rigorous and disciplined approach that uses a multi-criterion decision model. This approach builds on existing techniques for integrating risk analysis with classical systems engineering. A resulting security metric can be compared with cost and performance metrics in making engineering trade-off decisions.

查看原文本刊更多论文

通过对手的眼睛进行基于风险的安全工程

今天，复杂系统的安全工程通常是作为一个特别的过程来完成的。采用基于风险的安全工程方法，用一种使用多标准决策模型的更严格、更有纪律的方法取代目前的临时方法。这种方法建立在集成风险分析和经典系统工程的现有技术的基础上。在做出工程权衡决策时，可以将得到的安全度量与成本和性能度量进行比较。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop

自引率

0.00%

发文量