Re: Re: Security Grade

From: cwright@bdosyd.com.au
Date: Mon Dec 10 2007 - 19:51:46 EST

Next message: DaKahuna: "Re: shared web hosting company"
Previous message: daniel martin gomez: "[tool] Announcing dradis"
Maybe in reply to: Francois Larouche: "Re: Security Grade"
Next in thread: Stephen Strange: "Re: Security Grade"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

('binary' encoding is not supported, stored as-is) Due to the lack of statistical skills the figures are a guess and all that occurs is a qualitative result rather then a quantitative one.

The real example of a quantitative risk assessment is to create a Bayesian prior based on the figures from the firm, an industry trend and other data. Trend data for malware can be formulated using a heteroscadestic trending of the time series data for infections coupled with a fragility / survival algorithm.=20

The issue is that although an extremely accurate risk profile can be developed, is that it is:
1 Costly
2 Few people will know what I am referring to let alone be able to
do this.

Hence, we end up with qualitative risk approximates and risk analysis remains an art rather then developing into a science.=20

Regards,
Dr Craig Wright (GSE-Compliance)

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Next message: DaKahuna: "Re: shared web hosting company"
Previous message: daniel martin gomez: "[tool] Announcing dradis"
Maybe in reply to: Francois Larouche: "Re: Security Grade"
Next in thread: Stephen Strange: "Re: Security Grade"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:14 EDT