Affordable Access

Publisher Website

TBSE—an engineering approach to the design of accurate and reliable security systems

Authors
Journal
Computers & Security
0167-4048
Publisher
Elsevier
Publication Date
Volume
23
Issue
1
Identifiers
DOI: 10.1016/s0167-4048(04)00069-0
Keywords
  • Risk Modelling
  • Risk Forecasting
  • Risk Quantification
  • Metrics
  • Security Engineering
  • Security Benefits
  • Security Roi
Disciplines
  • Design
  • Engineering
  • Mathematics

Abstract

Abstract For many years, the IT Security industry has been trying to devise a way to quantify risk and the benefits provided by security countermeasures in a form meaningful to senior business management. Threat-Based Security Engineering (TBSE) is a fresh approach to modelling and forecasting information security risk. TBSE takes a non-deterministic approach to modelling how security threats interact with countermeasures enabling quantitative forecasts of the likelihood and characteristics of security incidents as a direct function of the security measures employed. Preliminary results are encouraging and there appears to be no reason why the TBSE techniques could not be applied to a wide range of threats and countermeasures. Assuming they can, these techniques could become the foundation for a greatly needed disciplined engineering approach to the design of accurate and reliable security systems. Amongst the many other benefits, this would give senior business management the much sought after tools with which to oversee and direct corporate security expenditures. This article describes the TBSE approach and what it can do.

There are no comments yet on this publication. Be the first to share your thoughts.