Security Risk Measurement for the RAdAC Model

摘要

The purpose of this thesis is to provide a quantification process for the risk module of the NSA RAdAC model. The intent is to quantify the risk involved in a single information transaction. Additionally, this thesis will attempt to identify the risk factors involved when calculating the total security risk measurement. This list is not intended to be an all-inclusive list of every factor associated with a transaction. Rather, we intend to supply a pragmatic list that is easily scalable to specific situations to include those factors which have the greatest effect on the total security risk measurement. In addition, we have asked experts in multiple fields to provide us with their opinion on the weighting of the risk factors. Finally, these weight sets and concomitant risk factors will be tested for accuracy in an Excel model.