8.7. Conclusion
More than ten years after the need for quantitative measures of security initially was brought up (see Littlewood et al. [5]), there still does not exist any common methodology which has been widely adopted for security quantification on a system-level basis. The efforts put in developing methods for quantitative security evaluation during the last decade can be viewed as either static or dynamic analysis methods. The static approach focuses on aspects such as how a system was built and what types of vulnerabilities it may contain, whereas the dynamic methods focus more on how a system is operated and how it behaves in a certain environment. The research presented in this chapter strives to follow the latter approach. As was pointed ...
Get Information Assurance now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
