CERTS: a comparative evaluation method for risk management methodologies and tools
Approved for public release, distribution is unlimited === This thesis develops a comparative evaluation method for computer security risk management methodologies and tools. The subjective biases inherent to current comparison practices are reduced by measuring unique characteristics of computer se...
Main Authors: | , |
---|---|
Other Authors: | |
Language: | en_US |
Published: |
Monterey, California. Naval Postgraduate School
2013
|
Online Access: | http://hdl.handle.net/10945/30691 |
id |
ndltd-nps.edu-oai-calhoun.nps.edu-10945-30691 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-nps.edu-oai-calhoun.nps.edu-10945-306912015-01-26T15:55:39Z CERTS: a comparative evaluation method for risk management methodologies and tools Garrabrants, William M. Ellis, Alfred W. III Hoffman, Lance J. Kamel, Magdi Naval Postgraduate School (U.S.) Department of Administrative Sciences Approved for public release, distribution is unlimited This thesis develops a comparative evaluation method for computer security risk management methodologies and tools. The subjective biases inherent to current comparison practices are reduced by measuring unique characteristics of computer security risk management methodologies. Standardized criteria are established and described by attributes which in turn are defined by metrics that measure the characteristics. The suitability of a method or tool to a particular organizational situation can then be analyzed objectively. Additionally, our evaluation method facilitates the comparison of methodologies and tools to each other. As a demonstration of its effectiveness, our method is applied to four distinct risk management methodologies and four risk management tools. Alternative models for utilizing the evaluation method are presented as well as possible directions for their application. Without an adequate means of comparing and evaluating risk management decision-making methodologies, the metadecision (the selection of a risk management method or tool) becomes arbitrary and capricious, thereby making an inappropriate selection more likely. Selection of an inappropriate method or tool could lead to excessive costs, misdirected efforts, and the loss of assets. The systematic and standard comparison method developed in this thesis resolves that problem. 2013-04-11T22:15:02Z 2013-04-11T22:15:02Z 1990-03 Thesis http://hdl.handle.net/10945/30691 en_US This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. As such, it is in the public domain, and under the provisions of Title 17, United States Code, Section 105, it may not be copyrighted. Monterey, California. Naval Postgraduate School |
collection |
NDLTD |
language |
en_US |
sources |
NDLTD |
description |
Approved for public release, distribution is unlimited === This thesis develops a comparative evaluation method for computer security risk management methodologies and tools. The subjective biases inherent to current comparison practices are reduced by measuring unique characteristics of computer security risk management methodologies. Standardized criteria are established and described by attributes which in turn are defined by metrics that measure the characteristics. The suitability of a method or tool to a particular organizational situation can then be analyzed objectively. Additionally, our evaluation method facilitates the comparison of methodologies and tools to each other. As a demonstration of its effectiveness, our method is applied to four distinct risk management methodologies and four risk management tools. Alternative models for utilizing the evaluation method are presented as well as possible directions for their application. Without an adequate means of comparing and evaluating risk management decision-making methodologies, the metadecision (the selection of a risk management method or tool) becomes arbitrary and capricious, thereby making an inappropriate selection more likely. Selection of an inappropriate method or tool could lead to excessive costs, misdirected efforts, and the loss of assets. The systematic and standard comparison method developed in this thesis resolves that problem. |
author2 |
Hoffman, Lance J. |
author_facet |
Hoffman, Lance J. Garrabrants, William M. Ellis, Alfred W. III |
author |
Garrabrants, William M. Ellis, Alfred W. III |
spellingShingle |
Garrabrants, William M. Ellis, Alfred W. III CERTS: a comparative evaluation method for risk management methodologies and tools |
author_sort |
Garrabrants, William M. |
title |
CERTS: a comparative evaluation method for risk management methodologies and tools |
title_short |
CERTS: a comparative evaluation method for risk management methodologies and tools |
title_full |
CERTS: a comparative evaluation method for risk management methodologies and tools |
title_fullStr |
CERTS: a comparative evaluation method for risk management methodologies and tools |
title_full_unstemmed |
CERTS: a comparative evaluation method for risk management methodologies and tools |
title_sort |
certs: a comparative evaluation method for risk management methodologies and tools |
publisher |
Monterey, California. Naval Postgraduate School |
publishDate |
2013 |
url |
http://hdl.handle.net/10945/30691 |
work_keys_str_mv |
AT garrabrantswilliamm certsacomparativeevaluationmethodforriskmanagementmethodologiesandtools AT ellisalfredwiii certsacomparativeevaluationmethodforriskmanagementmethodologiesandtools |
_version_ |
1716728511193939968 |