Employing key indicators to provide a dynamic risk picture with a notion of confidence
A security risk analysis will only serve its purpose if we can trust that the risk levels obtained from the analysis are correct. However, obtaining correct risk levels requires that we find correct likelihood and consequence values for the unwanted incidents identified during the analysis. This is often very hard. Moreover, the values may soon be outdated as the system under consideration or its environment changes. It is therefore desirable to be able to base estimates of risk levels on measurable indicators that are dynamically updated. In this paper we present an approach for exploiting measurable indicators in order to obtain a risk picture that is continuously or periodically updated. We also suggest dynamic notions of confidence aiming to capture to what extent we may trust the current risk picture.
Academic chapter/article/Conference paper
- Atle Refsdal
- Ketil Stølen
- SINTEF Digital / Software and Service Innovation
Trust Management III: Third IFIP WG 11.11 International Conference
215 - 233