迂回风险评估

2008 First International Conference on the Applications of Digital Information and Web Technologies (ICADIWT) Pub Date : 2008-10-31 DOI:10.1109/ICADIWT.2008.4664406

A.E. Forman

{"title":"迂回风险评估","authors":"A.E. Forman","doi":"10.1109/ICADIWT.2008.4664406","DOIUrl":null,"url":null,"abstract":"With risk assessment such a crucial part of any IT operation, it is necessary to re-evaluate some of the methods used to procure genuine responses from those under assessment. Many current risk assessment methodologies are set up to fail from the beginning. When performing a risk assessment, the evaluator is dependent on the integrity of the IT team s/he is questioning as part of the assessment. A new methodology called the Round-About Risk Evaluation (R.A.R.E.), implements techniques to reduce the Social Desirability Bias (SDB) that can lead to an assessment that does not represent the depth of security vulnerabilities. Implementation of R.A.R.E. prior to the start of a new a risk assessment, can be used to help the risk assessment team discover vulnerabilities that might otherwise go unreported.","PeriodicalId":189871,"journal":{"name":"2008 First International Conference on the Applications of Digital Information and Web Technologies (ICADIWT)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"R.A.R.E.: Round-About Risk Evaluation\",\"authors\":\"A.E. Forman\",\"doi\":\"10.1109/ICADIWT.2008.4664406\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"With risk assessment such a crucial part of any IT operation, it is necessary to re-evaluate some of the methods used to procure genuine responses from those under assessment. Many current risk assessment methodologies are set up to fail from the beginning. When performing a risk assessment, the evaluator is dependent on the integrity of the IT team s/he is questioning as part of the assessment. A new methodology called the Round-About Risk Evaluation (R.A.R.E.), implements techniques to reduce the Social Desirability Bias (SDB) that can lead to an assessment that does not represent the depth of security vulnerabilities. Implementation of R.A.R.E. prior to the start of a new a risk assessment, can be used to help the risk assessment team discover vulnerabilities that might otherwise go unreported.\",\"PeriodicalId\":189871,\"journal\":{\"name\":\"2008 First International Conference on the Applications of Digital Information and Web Technologies (ICADIWT)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2008-10-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2008 First International Conference on the Applications of Digital Information and Web Technologies (ICADIWT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICADIWT.2008.4664406\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 First International Conference on the Applications of Digital Information and Web Technologies (ICADIWT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICADIWT.2008.4664406","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

由于风险评估是任何IT操作的关键部分，因此有必要重新评估用于从被评估者那里获得真实响应的一些方法。许多当前的风险评估方法从一开始就注定失败。当执行风险评估时，评估者依赖于他/她作为评估的一部分所询问的IT团队的完整性。一种名为迂回风险评估(Round-About Risk Evaluation, R.A.R.E.)的新方法采用了减少社会可取性偏差(Social Desirability Bias, SDB)的技术，这种偏差可能导致评估结果不能代表安全漏洞的深度。在开始新的风险评估之前，可以使用R.A.R.E.的实现来帮助风险评估团队发现可能未报告的漏洞。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

R.A.R.E.: Round-About Risk Evaluation

With risk assessment such a crucial part of any IT operation, it is necessary to re-evaluate some of the methods used to procure genuine responses from those under assessment. Many current risk assessment methodologies are set up to fail from the beginning. When performing a risk assessment, the evaluator is dependent on the integrity of the IT team s/he is questioning as part of the assessment. A new methodology called the Round-About Risk Evaluation (R.A.R.E.), implements techniques to reduce the Social Desirability Bias (SDB) that can lead to an assessment that does not represent the depth of security vulnerabilities. Implementation of R.A.R.E. prior to the start of a new a risk assessment, can be used to help the risk assessment team discover vulnerabilities that might otherwise go unreported.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2008 First International Conference on the Applications of Digital Information and Web Technologies (ICADIWT)

自引率

0.00%

发文量