Chapter 5. Knowledge of risk as an element of cybersecurity argument
Abstract
Ad hoc methods for identifying security holes in cybersystems suit hackers; however, the risk assessment process underlying cyberdefense must be systematic.
This chapter describes how risk analysis can be made more systematic, repeatable, and objective to provide a solid foundation for system assurance. Accumulating and distributing cybersecurity knowledge in the form of accredited and up-to-date machine-readable catalogs of threat events can make risk assessment more repeatable. Integrating cybersecurity knowledge with system facts makes identification of threats and the corresponding risks systematic and produces evidence for the assurance case. Accumulation and distribution ...
Get System Assurance now with the O’Reilly learning platform.