bilar skybox view 2004
Risk Perspectives
• “He who defends everything, defends nothing” – Frederick the Great
• “… it is important to make informed and deliberate management decisions about how to deal with risks, consistent with sound business principles.” – John Casciano, ESS Group Manager, in testimony before the House on Cyber Security, 11/15/01
• “Security is a process... It’s not a single audit or Security Scan” – Ted Julian, SAIC site
• “… risk assessment model (QSRA – Quantitative Risk Analysis for Computer Networks) calculated that for all audited systems, four to six months after their respective release date, the probabilities are very high (66% to 99%) that an attacker can conduct a full consequence compromise, remotely and locally ... QSRA's 'highest risk' analytic risk mitigation strategy consistently outperforms the simpler strategy of choosing software with the highest vulnerability count.” – Dr. Daniel Bilar, Dartmouth College
• Continuous, proactive risk modeling and attack simulation reduces risk. It is an essential component in a defense in depth architecture. – Skybox Security