Advances in Computer Science and Engineering
Volume 3, Issue 1, Pages 19 - 46
(March 2009)
RISK ASSESSMENT VIA PARTIAL ORDERS
Marco Benini (Italy) and Sabrina Sicari (Italy)
Abstract: Although risk assessment is a well-established engineering practice to evaluate the security of a system, the significance of the obtained results is often debated since it depends on the estimates of one or more experts. The core of the debate lies in the metrics the experts use to quantify the importance and the impacts of the system vulnerabilities. This work directly addresses the problem of experts’ metrics by showing a risk assessment method that is invariant with respect to compatible metrics. This result is obtained by abstracting over the individual values and, thus, by developing a method based only on the inner content of the experts’ evaluations.
Keywords and phrases: risk assessment, network security, network vulnerability.