skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Computer Security Risk Assessment

Software ·
DOI:https://doi.org/10.11578/dc.20180615.9· OSTI ID:1230130 · Code ID:12076

LAVA/CS (LAVA for Computer Security) is an application of the Los Alamos Vulnerability Assessment (LAVA) methodology specific to computer and information security. The software serves as a generic tool for identifying vulnerabilities in computer and information security safeguards systems. Although it does not perform a full risk assessment, the results from its analysis may provide valuable insights into security problems. LAVA/CS assumes that the system is exposed to both natural and environmental hazards and to deliberate malevolent actions by either insiders or outsiders. The user in the process of answering the LAVA/CS questionnaire identifies missing safeguards in 34 areas ranging from password management to personnel security and internal audit practices. Specific safeguards protecting a generic set of assets (or targets) from a generic set of threats (or adversaries) are considered. There are four generic assets: the facility, the organization's environment; the hardware, all computer-related hardware; the software, the information in machine-readable form stored both on-line or on transportable media; and the documents and displays, the information in human-readable form stored as hard-copy materials (manuals, reports, listings in full-size or microform), film, and screen displays. Two generic threats are considered: natural and environmental hazards, storms, fires, power abnormalities, water and accidental maintenance damage; and on-site human threats, both intentional and accidental acts attributable to a perpetrator on the facility's premises.

Short Name / Acronym:
LAVA/CS
Project Type:
Closed Source
Site Accession Number:
1031
Software Type:
Scientific
Research Organization:
Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
Sponsoring Organization:
DOE/AO
Primary Award/Contract Number:
AC52-06NA25396
DOE Contract Number:
AC52-06NA25396
Code ID:
12076
OSTI ID:
1230130
Country of Origin:
United States

Similar Records

LAVA/CS. Computer Security Risk Assessment
Technical Report · Thu Jun 25 00:00:00 EDT 1987 · OSTI ID:1230130
Framework for generating expert systems to perform computer security risk analysis
Conference · Tue Jan 01 00:00:00 EST 1985 · OSTI ID:1230130
Addressing the insider threat
Conference · Sat May 01 00:00:00 EDT 1993 · OSTI ID:1230130
+1 more

Related Subjects