A Method for Developing Qualitative Security Risk Assessment Algorithms
Journal article, Peer reviewed
Accepted version
Permanent lenke
http://hdl.handle.net/11250/2500576Utgivelsesdato
2018Metadata
Vis full innførselSamlinger
- Publikasjoner fra CRIStin - SINTEF AS [5801]
- SINTEF Digital [2501]
Originalversjon
Lecture Notes in Computer Science. 2018, 10694 244-259. 10.1007/978-3-319-76687-4_17Sammendrag
We present a method for developing qualitative security risk assessment algorithms where the input captures the dynamic state of the target of analysis. This facilitates continuous monitoring. The intended users of the method are security and risk practitioners interested in developing assessment algorithms for their own or their client’s organization. Managers and decision makers will typically be end users of the assessments provided by the algorithms. To promote stakeholder involvement, the method is designed to ensure that the algorithm and the underlying risk model are simple to understand. We have employed the method to create assessment algorithms for 10 common cyber attacks, and use one of these to demonstrate the approach.