Artificial Neural Networks: A Tutorial
Computer - Special issue: neural computing: companion issue to Spring 1996 IEEE Computational Science & Engineering
Using Neural Networks in Reliability Prediction
IEEE Software
An Enhanced Neural Network Technique for Software Risk Analysis
IEEE Transactions on Software Engineering
Bacon Ice Cream: The Best Mix of Proactive and Reactive Security?
IEEE Security and Privacy
The CORAS methodology: model-based risk assessment using UML and UP
UML and the unified process
Secure Systems Development with UML
Secure Systems Development with UML
Processes for Producing Secure Software: Summary of US National Cybersecurity Summit Subgroup Report
IEEE Security and Privacy
Risk Analysis in Software Design
IEEE Security and Privacy
Software Security: Building Security In
Software Security: Building Security In
Enabling the adoption of aspects - testing aspects: a risk model, fault model and patterns
Proceedings of the 8th ACM international conference on Aspect-oriented software development
Hi-index | 0.00 |
Risk analysis is a process for considering possible risks and determining which are the most significant for any particular effort. Determining which risks to address and the optimum strategy for mitigating said risks is often an intuitive and qualitative process. An objective view of the risks inherent in a development effort requires a quantitative risk model. Quantitative risk models used in determining which risk factors to focus on, tend to use a traditional approach of annualized loss expectancy (ALE). This research uses empirical data that reflects the security posture of each vulnerability to calculate Loss Expectancy; a risk impact estimator. Data from open source vulnerability databases and results of predicted threat models are used as input to the risk model. Security factors that take into account the innate characteristics of each vulnerability are incorporated into the calculation of the risk model; resulting in an empirical assessment of the potential threats to a development effort based on the risk metric calculation.