When faced with an uncertain threat environment
and resource constraints, security managers and
information system executives would like to be
sure that the security architecture is the best
possible for the money spent. Risk mitigation
strategies should reflect the organization's unique
threat environment and a balance between security, productivity, and risk
tolerance.
Techniques
The techniques of Secure Insight (SI) are flexible,
systematic and repeatable. SI models the timing, severity, and
uncertainty of attacks using the organization's best available
threat information. Security
managers can see the effect of their risk mitigation strategies
against the threats, and compare alternative strategies. In addition,
SI can easily incorporate the continual changes in the threat
environment.
Security managers gain insight into security investment
decisions, and information system executives can see their justification
and rationale for security allocations. SI uses multi-attribute analysis
techniques to help the security staff prioritize their security
requirements and effectively allocate their limited resources.
SI allows the security staff to focus on the important security
issues and provides insight into their threat environment and
the risk mitigation strategies that are most effective in reducing
the organization's risks.
Most importantly, SI enables the security staff to conduct sensitivity
analysis of their estimates and see how their assumptions affect
the allocation of security resources.