A Qualitative Methodology for the Assessment of Cyberspace-Related Risks

by Richard Hundley, Robert H. Anderson

Purchase Print Copy

 FormatList Price Price
Add to Cart Paperback40 pages $23.00 $18.40 20% Web Discount

The problem addressed here is assessing the risks to which some organization or activity is exposed as a result of some combination of cyberspace-related vulnerabilities and threats. It is an attempt to assess risk without resorting to quantitative methods, which can appear to offer more accuracy and precision than is in fact warranted. The methodology proposed, although a work in progress, has three favorable points: (1) it is transparent, in that the nature and substance of the judgments and combinatorial steps are apparent; (2) it does not pretend to greater accuracy than can be justified; and (3) it is believed to capture the key elements and interactions involved in assessing cyberspace risk. The methodology does, however, require the user to make a large number of qualitative judgments and to combine them in a subjective fashion. The paper is presented as an annotated briefing.

This report is part of the RAND Corporation paper series. The paper was a product of the RAND Corporation from 1948 to 2003 that captured speeches, memorials, and derivative research, usually prepared on authors' own time and meant to be the scholarly or scientific contribution of individual authors to their professional fields. Papers were less formal than reports and did not require rigorous peer review.

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.