Making IA Decisions: Optimizing Risk Assessment Scope
Speaker: Richard Straka - National Security Agency
Time and Place: Friday 4/13 at 11am in LC102
Abstract:
Risk Assessments fulfill a variety of decision-making functions in
Information Assurance practice, ranging from supporting portfolio-based
investment decisions - through architecture, design and certification &
accreditation decisions - to operational decisions regarding systems under
cyber attack. This presentation investigates the characteristics of the
criteria most appropriate to make these decisions - characteristics that
affect the likelihood and magnitude of harm to stakeholders and the behavior
of adversaries. Particularly, decision-making criteria need to account for
and model the stakeholders' tradeoff preferences between security risk and
mission-fulfilling operational system characteristics and also the adversaries'
tradeoff preferences between payoff, probability of success and risk tolerance.