Chapter 5. Knowledge of risk as an element of cybersecurity argument
Ad hoc methods for identifying security holes in cybersystems suit hackers; however, the risk assessment process underlying cyberdefense must be systematic.
This chapter describes how risk analysis can be made more systematic, repeatable, and objective to provide a solid foundation for system assurance. Accumulating and distributing cybersecurity knowledge in the form of accredited and up-to-date machine-readable catalogs of threat events can make risk assessment more repeatable. Integrating cybersecurity knowledge with system facts makes identification of threats and the corresponding risks systematic and produces evidence for the assurance case. Accumulation and distribution ...
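The following is an added example, not code from the chapter or its authors, of what "integrating cybersecurity knowledge with system facts" can look like in practice: a small machine-readable catalog of threat events is matched against facts established about a system's components, and each match (or each mitigated match) carries the facts that justify it, which is the evidence an assurance case needs. The catalog format, the threat identifiers (TE-01 and so on), the component names and the property names are all constructed here for illustration; a real catalog would come from an accredited, maintained source and the system facts from inspection of the actual system.

```python
"""Match a machine-readable threat-event catalog against system facts.

Added example, not from the chapter. The catalog format, identifiers,
component names and property names are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set


@dataclass(frozen=True)
class ThreatEvent:
    """One entry of a (hypothetical) machine-readable threat catalog."""
    id: str
    name: str
    requires: FrozenSet[str]               # facts that must hold for a component
    absent: FrozenSet[str] = frozenset()   # mitigations whose absence is required
    likelihood: str = "medium"


@dataclass(frozen=True)
class Finding:
    """A threat/component pairing plus the facts that justify it."""
    threat_id: str
    component: str
    likelihood: str
    evidence: FrozenSet[str]               # system facts supporting the claim


# Constructed catalog (hypothetical identifiers, names and preconditions).
CATALOG: List[ThreatEvent] = [
    ThreatEvent("TE-01", "SQL injection via untrusted input",
                frozenset({"accepts_untrusted_input", "builds_sql"}),
                absent=frozenset({"parameterized_queries"}), likelihood="high"),
    ThreatEvent("TE-02", "Credential theft from plaintext storage",
                frozenset({"stores_credentials"}),
                absent=frozenset({"encrypted_at_rest"}), likelihood="high"),
    ThreatEvent("TE-03", "Eavesdropping on the management channel",
                frozenset({"management_interface", "network_reachable"}),
                absent=frozenset({"tls_enforced"})),
]

# Constructed system facts: component -> properties established by inspection.
SYSTEM_FACTS: Dict[str, Set[str]] = {
    "order-api": {"accepts_untrusted_input", "builds_sql", "network_reachable"},
    "report-api": {"accepts_untrusted_input", "builds_sql",
                   "parameterized_queries", "network_reachable"},
    "user-db": {"stores_credentials", "network_reachable"},
    "admin-console": {"management_interface", "network_reachable", "tls_enforced"},
}


def identify_threats(catalog: List[ThreatEvent],
                     facts: Dict[str, Set[str]]) -> List[Finding]:
    """Return every (threat, component) pair whose preconditions the facts satisfy.

    The output is sorted, so the same catalog and the same facts always give
    the same list: that determinism is what makes the assessment repeatable.
    """
    findings = []
    for te in catalog:
        for component, props in facts.items():
            if te.requires <= props and not (te.absent & props):
                # Evidence: the required facts plus the absence of each mitigation.
                evidence = te.requires | frozenset(f"no:{m}" for m in te.absent)
                findings.append(Finding(te.id, component, te.likelihood, evidence))
    return sorted(findings, key=lambda f: (f.threat_id, f.component))


def mitigated_claims(catalog: List[ThreatEvent],
                     facts: Dict[str, Set[str]]) -> List[Finding]:
    """Components where a threat's preconditions hold but a mitigation is present.

    These are the positive claims of an assurance case ("TE-01 does not apply
    to report-api because queries are parameterized") with their evidence.
    """
    claims = []
    for te in catalog:
        for component, props in facts.items():
            present = te.absent & props
            if te.requires <= props and present:
                claims.append(Finding(te.id, component, "mitigated", frozenset(present)))
    return sorted(claims, key=lambda f: (f.threat_id, f.component))


if __name__ == "__main__":
    for f in identify_threats(CATALOG, SYSTEM_FACTS):
        print(f"RISK      {f.threat_id} on {f.component} ({f.likelihood}): "
              f"{sorted(f.evidence)}")
    for c in mitigated_claims(CATALOG, SYSTEM_FACTS):
        print(f"MITIGATED {c.threat_id} on {c.component}: {sorted(c.evidence)}")
```

Two design points matter more than the toy matcher itself. First, a threat entry states both what must be true of a component and which mitigation must be missing, so updating the catalog (adding a threat, recognising a new mitigation) changes the assessment without anyone re-deriving it by hand. Second, every result carries the facts it was derived from, so the risk register and the assurance case are produced from the same evidence rather than assembled separately.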