local security talk

From: Sarah Mocas (sarah@private)
Date: Thu Nov 08 2001 - 15:03:45 PST

  • Next message: Ken Emmons: "RE: Scam"

    Security lecture this Friday
     
     RESEARCHER PRESENTS SECURITY DESIGN COST BENEFIT
     ANALYSIS METHOD IN FRIDAY, NOV. 9 LECTURE
     
    Conducting cost-benefit analyses of architectural attributes such 
    as security have always been difficult, because the benefits are 
    difficult to assess. Specialists usually make security decisions, 
    but program managers are left wondering whether their investment 
    in security is well spent. In this OCATE lecture on Friday, Nov. 9 
    at 12:30 PM Shawn Butler from Carnegie Mellon University presents 
    a cost-benefit analysis method called SAEM. The lecture, "Security 
    attribute evaluation method: a cost benefit approach," will focus on a
     method that provides security engineers a way to compare alternative 
    security designs. Empirical data from a financial and accounting system 
    is used to illustrate the key components of SAEM.
     
    The lecture will begin with a brief description of a multi-attribute 
    risk assessment that results in a prioritized list of risks. Security 
    practitioners estimate countermeasure benefits and how the organization's 
    risks are reduced. Using SAEM, security design alternatives are compared 
    with the organization's current selection of security technologies to
    see if a more cost-effective solution is possible. The goal of using SAEM 
    is to help convince information-system stakeholders that the security 
    investment is consistent with the expected risks.
     
    Shawn Butler is a Ph.D. candidate at Carnegie Mellon University where her 
    research interest is economic analysis of software design decisions. 
    Her thesis research examines how to conduct cost-benefit analysis in 
    selecting security technologies. Prior to starting the Ph.D. program, 
    Ms. Butler worked as a system engineer on several large military command
    and control systems.
     
    The lecture, November 9 at 12:30 PM, will be at OCATE in the CAPITAL 
    Center, 18640 NW Walker Rd. at 185th Ave. in Beaverton. This is a 
    "brown-bag lunch" event -- coffee and tea will be provided.  The lecture 
    is cosponsored by the department of computer science at Portland State 
    University. For additional information about the lecture visit
    http://www.ocate.edu, e-mail info@private, or call 503-725-2200. 
    OCATE lectures are free and open to the public.
    
     
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:30:53 PDT