SIMPLIFYING AND VALIDATING VULNERABILITY ASSESSMENTS

Year
1990
Author(s)
Steven C. Schlegel - Science Applications International Corporation (SAIC)
Abstract
There are several tools available to perform Vulnerability Assessments (VAs). These readily available, general-purpose assessment models are limited, though. When the general-purpose models fail to provide everything needed in the VA, a custom model should be created. Creating a custom model is not a difficult task. It requires a basic knowledge of VAs and a structured approach. This paper presents a step-wise approach to producing a custom VA. Some reasons for needing to do this and some of the results that follow from it are discussed. Regardless of whether a general model or a custom model is used, the results have to be defendable and auditable. This requires exhaustive documentation of every step in conducting a VA. Strict adherence to this and a thorough, systematic approach to the VA will help assure that adequate information is available to answer any auditor's questions and ensure nothing was missed. Defending the detection probability values assigned to each safeguards element, or to the Safeguards and Security (S&S) system as a whole, requires more than expert opinion. This paper discusses the factors behind successful performance testing and offers suggestions for performing sensitivity studies.