LAVA (Los Alamos Vulnerability and Risk Assessment) and classical risk analysis [electronic resource].
- Los Alamos, N.M. : Los Alamos National Laboratory, 1989.
Oak Ridge, Tenn. : Distributed by the Office of Scientific and Technical Information, U.S. Dept. of Energy.
- Physical Description:
- Pages: 10 : digital, PDF file
- Additional Creators:
- Los Alamos National Laboratory and United States. Department of Energy. Office of Scientific and Technical Information
- Restrictions on Access:
- Free-to-read Unrestricted online access
- LAVA (the Los Alamos Vulnerability/Risk Assessment system) is a three-part systematic approach to risk assessment that can be used to model risk assessment for a variety of application systems such as computer security systems, communications security systems, information security systems, and others. The first part of LAVA is the mathematical methodology based hierarchical systems theory, fuzzy systems theory, decision analysis, utility theory, and cognitive science; clear relationships exist between LAVA's approach and classical risk analysis. The second part, written for a large class of personal computers, is the general software engine that implements the mathematical risk model. The third part is the application data sets, each written for a specific application system; all application-specific information is data. Application models are knowledge-based expert systems to assess risks in application systems comprising sets of threats, assets, undesirable outcomes, and safeguards. The safeguards system model is in three segments: sets of safeguards functions for protecting the assets from the threats by preventing or ameliorating the undesirable outcomes, sets of safeguards subfunctions whose performance determines whether the function is adequate and complete, and sets of issues, appearing as interactive questionnaires, whose measures define both the weaknesses in the safeguards system and the potential costs of undesirable outcome occurrence. 29 refs.
- Report Numbers:
- E 1.99:la-ur-89-1558
E 1.99: conf-8906141-1
- Other Subject(s):
- Published through SciTech Connect.
Computer security risk management model builders workshop, Ottawa, Canada, 20 Jun 1989.
- Funding Information:
View MARC record | catkey: 14360914