USE OF COMPUTER PROGRAMS TO EVALUATE EFFECTIVENESS OF SECURITY SYSTEMS

Year
1987
Author(s)
L. A. Goldman - Science Applications International Corporation
J. W. James - Science Applications International Corporation
T.L. McDaniel - Science Applications Interntional Corp.
L. Harris - Science Applications Inc.
W. M. Rajczak - Science Applications International Corporation
Abstract
Thirty or more computer programs for security vulnerability analysis were developed from 1975 through 1980. Most of these programs are intended for evaluating security system effectiveness against outsider threats, but at least six programs are primarily oriented to insider threats. Some strengths and w e a k n e s s e s o f thes e p r o g r a ms ar e described. Six of these programs, four for outsider threats and two for insider threats, have been revised and adapted for use with IBM personal computers. The vulnerabilit y a n a l y s is process is d i s c u s s e d w i t h e m p h a s is o n dat a The differenc e between and operational data is F o r p e r f o r m a n c e - t y p e data, such as detection and barrier delay times, collection . design data d e s c r i b e d , operational probabilities the difference between unstressed and stressed performance data is discussed. Stressed performance data correspond to situations where an adversary attempts to weaken a security system by mitigating certain security measures. Suggestions are made on the combined use of manual analysis and computer analysis.