We present a method for developing qualitative security risk assessment algorithms where the input captures the dynamic state of the target of analysis. This facilitates continuous monitoring. The intended users of the method are security and risk practitioners interested in developing assessment algorithms for their own or their client’s organization. Managers and decision makers will typically be end users of the assessments provided by the algorithms. To promote stakeholder involvement, the method is designed to ensure that the algorithm and the underlying risk model are simple to understand. We have employed the method to create assessment algorithms for 10 common cyber attacks, and use one of these to demonstrate the approach.
CITATION STYLE
Erdogan, G., & Refsdal, A. (2018). A method for developing qualitative security risk assessment algorithms. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10694 LNCS, pp. 244–259). Springer Verlag. https://doi.org/10.1007/978-3-319-76687-4_17
Mendeley helps you to discover research relevant for your work.