Thursday, May 10, 2012

Cyber Threat Metrics

Mateski, Mark, et al. Cyber Threat Metrics, a special report prepared by Sandia National Laboratories Albuquerque, New Mexico, March 2012.

From the abstract: "Threats are generally much easier to list than to describe, and much easier to describe than to measure. As a result, many organizations list threats. Fewer describe them in useful terms, and still fewer measure them in meaningful ways. This is particularly true in the dynamic and nebulous domain of cyber threats—a domain that tends to resist easy measurement and, in some cases, appears to defy any measurement.

We believe the problem is tractable. In this report we describe threat metrics and models for characterizing threats consistently and unambiguously
." Read more