This page lists the position papers presented at the 1st ISSRR
Workshop. The contents of these papers were available only before the
conference. As they were not all cleared for final public release, the initial
position papers have been removed from the site. If you wish to obtain a copy
of an original paper, please contact the original author(s).
| Position Paper |
| --- |
| Abrams, Marshall D. (The MITRE Corporation) Coming To Acceptance Of Ways For Measuring And Ranking Security Properties |
| Alger, John I. (The MITRE Corporation) On Assurance, Measures, and Metrics: Definitions and Approaches |
| Bartol, Nadya. (Booz Allen & Hamilton) IA Metrics Development and Implementation |
| Bayuk, Jennifer. (ITG Security, Bear Stearns & Co. Inc.) Measuring Security |
| Bennet S. Yee Security Metrology and the Monty Hall Problem |
| Bicknell, Paul. (The MITRE Corporation) Security Assertions, Criteria, and Metrics Developed for the IRS |
| Bodeau, Deborah J. (The MITRE Corporation) Information Assurance Assessment: Lessons-Learned and Challenges |
| Bouchard, Julie F.; and Wood, Bradley J. (Cyber Defense Research Center, SRI) Red Team Work Factor as a Security Measurement |
| Connolly, Julie. (The MITRE Corporation) Information Assurance Operational Readiness Metrics |
| Deswarte, Yves; Kaâniche, Mohamed; and Ortalo, Rodolphe. (LAAS-CNRS) Experimental Validation of a Security Metrics |
| Downs, Deborah D.; and Haddad, Ranwa. (The Aerospace Corporation) Penetration Testing The Gold Standard for Security Rating and Ranking |
| Freeman, Jim. (Computer Technology Associates, Inc.) Which Way is Up? Input On Improving the Technical Basis within the Security Risk Management Process |
| Greenwald, Steven J. (Independent INFOSEC Consultant) How I Lost and then Regained My Faith in Metrics |
| Hallberg, Jonas; and Hunstad, Amund. (Swedish Defence Research Agency) Towards quantifying computer security: System structure and system security models |
| Kahn, Jay (The MITRE Corporation) Certification of Intelligence Community Systems and Measurement of Residual Risks |
| Katzke, Stuart. (National Security Agency) Security Metrics |
| Kuhlmann, Dirk. (No affiliation provided) IT Assurance - A Matter of Trust |
| Leighton, Ralph. (Getronics Government Solutions) Decision Support Metrics Framework |
| Luzwick, Perry G. What's a Pound of Your Information Worth? Constructs for Collaboration and Consistency |
| Martins, A.; Eloff, JHP. (Rand Afrikaans University) Measuring Information Security |
| Maxion, Roy A. Carnegie Mellon University Dependable Measurement |
| McCallam, Dennis. Logicon, A Northrop Grumman Company The Case Against Numerical Measures for Information Assurance |
| McDermott, Molly; and Dobry, Rob. (A&N Associates, Inc.) The Perception of Assurance |
| McHugh, John. (Software Engineering Institute, Carnegie Mellon University) Quantitative Measures of Assurance: Prophecy, Process, or Pipedream? |
| Peeples, Donald R. (SPARTA, Inc.) Information Assurance Risk Metric Tree |
| Rader, Jock. (Raytheon Electronic Systems) A Look at Measures of Computer Security from an Insurance Premium Perspective |
| Rogers, George; and Stauffer, Barry. (Corbett Technologies, Inc.) An Approach To INFOSEC Program Metrics |
| Rubel, Paul; and Pal, Partha BBN Technologies Assessing Adaptation in the Context of Security and Survivability |
| Schneider, Ed. (Institute for Defense Analysis) Measurements of System Security |
| Shapiro, Stuart. (The MITRE Corporation) The Bull in the China Shop: The Merrill Lynch IA Assessment Manifesto |
| Skroch, Michael J. (Office of the Assistant Secretary of Defense (C3I)) Assessments for Rating and Ranking Information Assurance |
| Stoneburner, Gary. (NIST) High Assurance != (Is Not Equal To) More Secure |
| Vaughn, Rayford B. (Jr.). (Mississippi State University) Are Measures and Metrics for Trusted Information Systems Possible? |
| Villasenor, Peter V. (Office of the Assistant Secretary of Defense (C3I), Defense-wide Information Assurance Program (DIAP)) DoD Operational IA Metrics |