Problem areas in computer security assessment

by S. Glaseman, Rein Turn, R. Stockton Gaines


Purchase Print Copy

 FormatList Price Price
Add to Cart Paperback29 pages $20.00 $16.00 20% Web Discount

An important problem area in providing security in computer systems is the avoidance of excessively costly and constraining security practices while providing an adequate level of security. In addition, there are problems in determining an appropriate level of investment in techniques and practices which enhance security and in the measurement of returns on those investments, i.e., to what degree is security improved by any given technique? The resolution of these problems depends on the development of a capability for identifying and evaluating the risks of storing and processing sensitive data in imperfectly secure computing environments. This paper provides background information on security assessment, surveys recent work and the present status of computer security assessment, and identifies the research needed to move this field forward.

This report is part of the RAND Corporation Paper series. The paper was a product of the RAND Corporation from 1948 to 2003 that captured speeches, memorials, and derivative research, usually prepared on authors' own time and meant to be the scholarly or scientific contribution of individual authors to their professional fields. Papers were less formal than reports and did not require rigorous peer review.

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.