Published: August 04, 2008
Author(s)
Karen Scarfone
Conference
Name: Third Workshop on Security Metrics (Metricon 3.0)
Dates: July 29, 2008
Location: San Jose, California, United States
Announcement
One of the holy grail questions in computer security is "how secure are my organization's systems?" This paper describes our new approach to answering this question. The approach is distinguished from previous efforts in three ways: it 1) uses evidence-based security decision-making, 2) produces good-enough answers, and 3) relies on open specifications and standards.
Keywords
risk assessment; Security Content Automation Protocol (SCAP); security metrology; technical security metrics
Control Families
None selected