Appendix B RISK ASSESSMENT METRICS
This appendix proposes and defines a set of quantifiable metrics that can be used to mathematically calculate risk. Most of this material evolved out of the Trident-Risk Assessment process (T-RAP) that was published under the title Risk Management Theory and Practice.1 This study was sponsored by the U.S. Air Force Information Warfare Center. Subsequent work with the theories and concepts therein produced a set of equations and analytical tools that was incorporated into a series of technology offerings. I cite these modeling processes here as a complement to the McCumber Cube methodology and the basis for the risk management assessment methodology presented in Chapter 5.
This risk assessment process captured ...