Gregory D. Wyss

Learn More
Decision-makers want to perform risk-based cost-benefit prioritization of security investments. However, strong nonlinearities in the most common physical security performance metric make it difficult to use for cost-benefit analysis. This paper extends the definition of risk for security applications and embodies this definition in a new but related(More)
Assessing the risk of malevolent attacks against large-scale critical infrastructures requires modifications to existing methodologies. Existing risk assessment methodologies consider physical security and cyber security separately. As such, they do not accurately model attacks that involve defeating both physical protection and cyber protection elements(More)
Assessing the risk of malevolent attacks against large-scale critical infrastructures requires modifications to existing methodologies. Existing risk assessment methodologies consider physical security and cyber security separately. As such, they do not accurately model attacks that involve defeating both physical protection and cyber protection elements(More)
The globalization of today's supply chains (e.g., information and communication technologies, military systems, etc.) has created an emerging security threat that could degrade the integrity and availability of sensitive and critical government data, control systems, and infrastructures. Commercial-off-the-shelf (COTS) and even government-off-the-self(More)
Security, assurance, and risk management in software sytems are viewed in terms of three historical generations, with significant paradigm shifts occurring in each generation. The software community is currently on the brink of the third generation, and needs advances in modeling, risk theory, tools, and assurance methods. The third generation is(More)
This article describes how features of event tree analysis and Monte Carlo–based discrete event simulation can be combined with concepts from object-oriented analysis to develop a new risk assessment methodology, with some of the best features of each. The resultant object-based event scenario tree (OBEST) methodology enables an analyst to rapidly construct(More)
  • 1