The role of vulnerability in risk management

Author

Otwell, Ken ; Aldridge, Bruce

Author_Institution

Martin Marietta Lab., Baltimore, MD, USA

fYear

1989

fDate

4-8 Dec 1989

Firstpage

32

Lastpage

38

Abstract

The treatment of vulnerability at the 1988 Risk Model Builders´ Workshop is examined, and a definition of vulnerability that is intuitively satisfying and provides a foundation upon which mathematical models can be built is developed. Two vulnerability models that together appear to capture the general conceptualizations of vulnerability espoused by other authors are presented. The authors also discuss the ongoing development of their expert system for risk management (M²RISK), which will utilize knowledge about vulnerabilities of information systems and their components. M²RISK is designed to eventually function as a full risk-management system with interface tools that will allow rapid specification of systems and easy management of system changes, and generally aid the risk-management process

Keywords

DP management; expert systems; M²RISK; expert system for risk management; interface tools; mathematical models; risk management; role of vulnerability; Computer security; Expert systems; Information systems; Knowledge management; Laboratories; Management information systems; Mathematical model; Minerals; NIST; Risk management;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Applications Conference, 1989., Fifth Annual

Conference_Location

Tucson, AZ

Print_ISBN

0-8186-2006-4

Type

conf

DOI

10.1109/CSAC.1989.81022

Filename

81022