Security lecture this Friday RESEARCHER PRESENTS SECURITY DESIGN COST BENEFIT ANALYSIS METHOD IN FRIDAY, NOV. 9 LECTURE Conducting cost-benefit analyses of architectural attributes such as security have always been difficult, because the benefits are difficult to assess. Specialists usually make security decisions, but program managers are left wondering whether their investment in security is well spent. In this OCATE lecture on Friday, Nov. 9 at 12:30 PM Shawn Butler from Carnegie Mellon University presents a cost-benefit analysis method called SAEM. The lecture, "Security attribute evaluation method: a cost benefit approach," will focus on a method that provides security engineers a way to compare alternative security designs. Empirical data from a financial and accounting system is used to illustrate the key components of SAEM. The lecture will begin with a brief description of a multi-attribute risk assessment that results in a prioritized list of risks. Security practitioners estimate countermeasure benefits and how the organization's risks are reduced. Using SAEM, security design alternatives are compared with the organization's current selection of security technologies to see if a more cost-effective solution is possible. The goal of using SAEM is to help convince information-system stakeholders that the security investment is consistent with the expected risks. Shawn Butler is a Ph.D. candidate at Carnegie Mellon University where her research interest is economic analysis of software design decisions. Her thesis research examines how to conduct cost-benefit analysis in selecting security technologies. Prior to starting the Ph.D. program, Ms. Butler worked as a system engineer on several large military command and control systems. The lecture, November 9 at 12:30 PM, will be at OCATE in the CAPITAL Center, 18640 NW Walker Rd. at 185th Ave. in Beaverton. This is a "brown-bag lunch" event -- coffee and tea will be provided. The lecture is cosponsored by the department of computer science at Portland State University. For additional information about the lecture visit http://www.ocate.edu, e-mail info@private, or call 503-725-2200. OCATE lectures are free and open to the public.
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:30:53 PDT