DocumentCode :
3332866
Title :
Risk assessment for large heterogeneous systems
Author :
Freeman, James W. ; Darr, Thomas C. ; Neely, Richard B.
Author_Institution :
Inf. Syst. Security Group, CTA Inc., Colorado Springs, CO, USA
fYear :
1997
fDate :
8-12 Dec 1997
Firstpage :
44
Lastpage :
52
Abstract :
This paper describes a security risk assessment process for large, heterogeneous systems of systems, such as C4I or weapon systems. It first defines the characteristics of an effective security risk assessment process. Next, it discusses subsystem-level and top-down risk assessment approaches and describes their advantages and limitations. The paper then presents and discusses the characteristics and benefits of a hybrid top-down system-wide approach, termed a “guided top-down” approach. It summarizes the benefits of this approach, including (i) efficient and effective allocation of risk assessment resources (often scarce) at the subsystem level during development and implementation, and (ii) its ability to provide decision makers with understandable results on which to base an approval-to-operate decision.
Keywords :
DP management; command and control systems; resource allocation; risk management; security of data; weapons; C4I systems; approval-to-operate decision; decision makers; guided top-down approach; hybrid top-down system-wide approach; large heterogeneous systems; risk assessment resource allocation; security risk assessment process; subsystem-level approaches; weapon systems; Communication system security; Control systems; Fuzzy systems; Information security; Information systems; Management information systems; Resource management; Risk management; Springs; Weapons;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer Security Applications Conference, 1997. Proceedings., 13th Annual
Conference_Location :
San Diego, CA
ISSN :
1063-9527
Print_ISBN :
0-8186-8274-4
Type :
conf
DOI :
10.1109/CSAC.1997.646172
Filename :
646172