Referenced Items are not available for this document.
Risk analysis is, at best, a good general-purpose yardstick by which we can judge our security design's effectiveness. Because roughly 50 percent of security problems are the result of design flaws, performing a risk analysis at the design level is an important part of a solid software security program. Taking the trouble to apply risk-analysis methods at the design level for any application often yields valuable, business-relevant results. The risk analysis process is continuous and applies to many different levels, at once identifying system-level vulnerabilities, assigning probability arid impact, arid determining reasonable mitigation strategies. The paper looks at how, by considering the resulting ranked risks, business stakeholders can determine how to manage particular risks and what the most cost-effective controls might be.
Published in:
Security & Privacy, IEEE
(Volume:2
,
Issue:
4
)
Date of Publication: July-Aug. 2004
- Page(s):
- 79 - 84
- ISSN :
- 1540-7993
- INSPEC Accession Number:
- 8062337
- Digital Object Identifier :
- 10.1109/MSP.2004.55
- Product Type:
- Journals & Magazines
- Date of Current Version :
- 04 October 2004
- Issue Date :
- July-Aug. 2004
- Sponsored by :
- IEEE Computer Society
About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies
A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2013 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.
