By Topic

A practical approach to measuring assurance

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)

Assurance has been defined as “the degree of confidence that security needs are satisfied”. The problem with this definition is that, unless one has a way to specify security needs in some measurable way, assurance cannot be expressed in a measurable way either. The definition leaves the practitioner with the challenge of determining what security needs are, whether or not they have been satisfied, and how to determine confidence. We define assurance as a measure of confidence in the accuracy of a risk or security measurement. A critical feature of the view of assurance presented is that it is orthogonal to the measurement of risk and security. High assurance ratings have traditionally been associated with high security and low risk. Our definition permits high assurance to be associated with low security and high risk as well. It also provides a way of deciding whether or not the assurance one has is sufficient

Published in:

Computer Security Applications Conference, 1998. Proceedings. 14th Annual

Date of Conference:

7-11 Dec 1998