ACSAC
1998
IEEE

A Practical Approach to Measuring Assurance

Assurance has been defined as "the degree of confidence that security needs are satisfied" [2]. The problem with this definition is that, unless one has a way to specify security needs in some measurable way, assurance cannot be expressed in a measurable way either. The definition leaves the practitioner with the challenge of determining what "security needs" are, whether or not they have been "satisfied," and how to determine "confidence." In this paper, we define assurance as "a measure of confidence in the accuracy of a risk or security measurement." A critical feature of the view of assurance presented here is that it is orthogonal to the measurement of risk and security. High assurance ratings have traditionally been associated with high security and low risk. Our definition permits high assurance to be associated with low security and high risk as well. It also provides a way of deciding whether or not the assurance one has is s...
G. F. Jelen, J. R. Williams
Added: 04 Aug 2010
Updated: 04 Aug 2010
Type: Conference
Year: 1998
Where: ACSAC
Authors: G. F. Jelen, J. R. Williams