This Is Auburn | Electronic Theses and Dissertations


Quantitative Risk Assessment Model for Software Security in the Design Phase of Software Development


| Metadata Field | Value | Language |
| --- | --- | --- |
| dc.contributor.advisor | Umphress, David | |
| dc.contributor.advisor | Hamilton, John | en_US |
| dc.contributor.advisor | Gilbert, Juan | en_US |
| dc.contributor.author | Mkpong-Ruffin, Idongesit | en_US |
| dc.date.accessioned | 2009-02-23T15:57:09Z | |
| dc.date.available | 2009-02-23T15:57:09Z | |
| dc.date.issued | 2009-05-15 | en_US |
| dc.identifier.uri | http://hdl.handle.net/10415/1584 | |
| dc.description.abstract | Risk analysis is a process for considering possible risks and determining which are the most significant for any particular effort. Determining which risks to address and the optimum strategy for mitigating said risks is often an intuitive and qualitative process. An objective view of the risks inherent in a development effort requires a quantitative risk model. Quantitative risk models used in determining which risk factors to focus on tend to use a traditional approach of annualized loss expectancy (ALE), which is based on frequency of occurrence and the exposure factor (EF), which is the percentage of asset loss due to the potential threat in question. This research uses empirical data that reflects the security posture of each vulnerability to calculate Loss Expectancy, a risk impact estimator. Data from open source vulnerability databases and results of predicted threat models are used as input to the risk model. Security factors that take into account the innate characteristics of each vulnerability are incorporated into the calculation of the risk model. The result of this model is an assessment of the potential threats to a development effort and a ranking of these threats based on the risk metric calculation. | en_US |
| dc.language.iso | en_US | en_US |
| dc.rights | EMBARGO_NOT_AUBURN | en_US |
| dc.subject | Computer Science and Software Engineering | en_US |
| dc.title | Quantitative Risk Assessment Model for Software Security in the Design Phase of Software Development | en_US |
| dc.type | Dissertation | en_US |
| dc.embargo.length | MONTHS_WITHHELD:6 | en_US |
| dc.embargo.status | EMBARGOED | en_US |
| dc.embargo.enddate | 2009-08-23 | en_US |
