Abstract
Security hazards pose serious risk concerns. But, what makes them unacceptable dangers, is our inability to accurately assess and manage them. The prevailing method of using threat, vulnerability, and consequence to arrive at a risk value has a limitation of interdependence of these variables. This is because the adversary plans his attack using the desired consequence to identify the actionable hazard. While engineering failures tend to be random and accidental in nature, security related events are opportunistic and intentional. Security assessment is further challenged by lack of reliable data, while usability expert opinion is limited due to optimism and overreaction. We have proposed a derivation of the standard methods of risk assessment to compensate for these biases.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of System Assurance Engineering and Management
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
