Publication

This paper examines the degree of security required to counter computer-related risks. After discussing the deficiencies of the first and second generation approaches of computer security risk models, the author proposes a candidate modeling approach that explicitly incorporates uncertainty and allows for varying degrees of modeling detail to address the failings of previous modeling paradigms. He also presents a critique of publicly available computer security tools and concludes with a case study example.