This paper presents a methodology for enumerating the vulnerabilities of a system, and determining what countermeasures can best close those vulnerabilities. We first describe how to characterize possible adversaries in terms of their resources, access, and risk tolerance, then we show how to map vulnerabilities to the system throughout its life cycle, and…
Seeking the knowledge and means to more methodically detect, defend against, and better understand attacks on networked computer resources.
Why measure security? To make good decisions about how to design security countermeasures, to choose between alternative security architectures, and to improve security during design and operations. This panel brings together a number of security experts to relate their perspectives on what makes a good security metric, how risk analysis, one of the most…