Latest COVID-19 Information for Purdue University

The Center for Education and Research in Information Assurance and Security (CERIAS)

The Center for Education and Research in
Information Assurance and Security (CERIAS)

Mehmet Sahinoglu - Auburn University at Montgomery, AL

Students: Fall 2022, unless noted otherwise, sessions will be virtual on Zoom.

Quantitative Risk Assessment of Software Security and Privacy, and Risk Management with Game Theory

Feb 11, 2009

PDF Slides PDF
Download: Video Icon MP4 Video Size: 873.3MB  
Watch on Youtube Watch on YouTube


The need for information security is undeniable and self-evident. The pervasiveness of this critical topic requires primarily risk assessment and management through quantitative means. To conduct an assessment; repeated security probes, surveys, and input data measurements must be taken and verified toward the goal of risk mitigation with minimal cost. One can evaluate risk using a probabilistically accurate statistical estimation scheme in a quantitative security meter (SM) model that mimics the events of the breach of security. An empirical study using Java code is presented and its accuracy is verified by discrete-event or Monte Carlo simulations. The design improves as more data are collected and updated. Practical aspects of the SM are presented with a real-world example as related to a PC user and a risk-management scenario using the Game Theory approach for optimal cost mitigation results.

Index Terms(10)— Quantitative Risk Assessment, Cost Mitigation, Countermeasure, Security, Privacy, Management, Simulation, Threat, Vulnerability, Game Theory

About the Speaker

Ways to Watch


Watch Now!

Over 500 videos of our weekly seminar and symposia keynotes are available on our YouTube Channel. Also check out Spaf's YouTube Channel. Subscribe today!