Penetration Testing mailing list archives
Re: Re: Security Grade
From: cwright () bdosyd com au
Date: 11 Dec 2007 00:51:46 -0000
Due to the lack of statistical skills the figures are a guess and all that occurs is a qualitative result rather then a quantitative one. The real example of a quantitative risk assessment is to create a Bayesian prior based on the figures from the firm, an industry trend and other data. Trend data for malware can be formulated using a heteroscadestic trending of the time series data for infections coupled with a fragility / survival algorithm.=20 The issue is that although an extremely accurate risk profile can be developed, is that it is: 1 Costly 2 Few people will know what I am referring to let alone be able to do this. Hence, we end up with qualitative risk approximates and risk analysis remains an art rather then developing into a science.=20 Regards, Dr Craig Wright (GSE-Compliance) ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: Security Grade, (continued)
- Re: Security Grade dave-san (Dec 10)
- RE: Security Grade Malhoit, Lauren (Dec 10)
- Re: Security Grade Benjamin Tomhave (Dec 10)
- Re: Security Grade Eddie Block (Dec 10)
- Re: Security Grade Francois Larouche (Dec 12)
- Re: Security Grade Eddie Block (Dec 12)
- Re: Security Grade Francois Larouche (Dec 13)
- Re: Security Grade Pete Herzog (Dec 13)
- Re: Security Grade Francois Larouche (Dec 12)
- Re: Security Grade Stephen Strange (Dec 12)
- Re: Security Grade lauren . malhoit (Dec 10)
- Re: Re: Security Grade cwright (Dec 12)