LAVA: a conceptual framework for automated risk assessment
At the Los Alamos National Laboratory we are developing the framework for generating knowledge-based systems that perform automated risk analyses on an organization's assets. An organization's assets can be subdivided into tangible and intangible assets. Tangible assets include facilities, materiel, personnel, and time, while intangible assets include such factors as reputation, employee morale, and technical knowledge. The potential loss exposure of an asset is dependent upon the threats (both static and dynamic), the vulnerabilities in the mechanisms protecting the assets from the threats, and the consequences of the threats successfully exploiting the protective systems vulnerabilities. The methodology is based upon decision analysis, fuzzy set theory, natural-language processing, and event-tree structures. The Los Alamos Vulnerability and Risk Assessment (LAVA) methodology has been applied to computer security. LAVA is modeled using an interactive questionnaire in natural language and is fully automated on a personal computer. The program generates both summary reports for use by both management personnel and detailed reports for use by operations staff. LAVA has been in use by the Nuclear Regulatory Commission and the National Bureau of Standards for nearly two years and is presently under evaluation by other governmental agencies. 7 refs.
- Research Organization:
- Los Alamos National Lab., NM (USA)
- DOE Contract Number:
- W-7405-ENG-36
- OSTI ID:
- 5778604
- Report Number(s):
- LA-UR-86-2282; CONF-860654-21; ON: DE86012420
- Country of Publication:
- United States
- Language:
- English
Similar Records
LAVA (Los Alamos Vulnerability and Risk Assessment Methodology): A conceptual framework for automated risk analysis
LAVA (Los Alamos Vulnerability and Risk Assessment Methodology): An expert system framework for risk analysis