CERTS: a comparative evaluation method for risk management methodologies and tools
Garrabrants, William M.
Ellis, Alfred W. III
Hoffman, Lance J.
This thesis develops a comparative evaluation method for computer security risk management methodologies and tools. The subjective biases inherent to current comparison practices are reduced by measuring unique characteristics of computer security risk management methodologies. Standardized criteria are established and described by attributes which in turn are defined by metrics that measure the characteristics. The suitability of a method or tool to a particular organizational situation can then be analyzed objectively. Additionally, our evaluation method facilitates the comparison of methodologies and tools to each other. As a demonstration of its effectiveness, our method is applied to four distinct risk management methodologies and four risk management tools. Alternative models for utilizing the evaluation method are presented as well as possible directions for their application. Without an adequate means of comparing and evaluating risk management decision-making methodologies, the metadecision (the selection of a risk management method or tool) becomes arbitrary and capricious, thereby making an inappropriate selection more likely. Selection of an inappropriate method or tool could lead to excessive costs, misdirected efforts, and the loss of assets. The systematic and standard comparison method developed in this thesis resolves that problem.
Approved for public release, distribution is unlimited