Towards Validating Risk Indicators Based on Measurement Theory


Morali, Ayse and Wieringa, Roel (2010) Towards Validating Risk Indicators Based on Measurement Theory. In: First International Workshop on Risk and Trust in Extended Enterprises, November 1-4, 2010, San Jose, CA, USA.

Abstract: Due to the lack of quantitative information and for cost-efficiency purposes, most risk assessment methods use partially ordered values (e.g. high, medium, low) as risk indicators. In practice it is common to validate risk scales by asking stakeholders whether they make sense. This way of validation is subjective, thus error-prone. If the metrics are wrong (not meaningful), then they may lead system owners to distribute security investments inefficiently. Therefore, when validating risk assessment methods it is important to validate the meaningfulness of the risk scales that they use. In this paper we investigate how to validate the meaningfulness of risk indicators based on measurement theory. Furthermore, to analyze the applicability of measurement theory to risk indicators, we analyze the indicators used by a particular risk assessment method specially developed for assessing confidentiality risks in networks of organizations.
Item Type: Conference or Workshop Item
Copyright: © 2010 IEEE
Faculty: Electrical Engineering, Mathematics and Computer Science (EEMCS)
Research Group:
Link to this item: http://purl.utwente.nl/publications/73509
Conference URL: http://www.issre2010.org/