OSTI.GOV: U.S. Department of Energy, Office of Scientific and Technical Information

Title: LAVA/CIS Version 2.0: A software system for vulnerability and risk assessment

Conference · OSTI ID: 6637948

LAVA (the Los Alamos Vulnerability/Risk Assessment system) is an original systematic approach to risk assessment developed at the Los Alamos National Laboratory. It is an alternative to existing quantitative methods, providing an approach that is both objective and subjective, and producing results that are both quantitative and qualitative. LAVA was developed as a tool to help satisfy federal requirements for periodic vulnerability and risk assessments of a variety of systems and to satisfy the resulting need for an inexpensive, reusable, automated risk assessment tool firmly rooted in science. LAVA is a three-part systematic approach to risk assessment that can be used to model a variety of application systems such as computer security systems, communications security systems, information security systems, and others. The first part of LAVA is the mathematical model based on classical risk assessment, hierarchical multilevel system theory, decision theory, fuzzy possibility theory, expert system theory, utility theory, and cognitive science. The second part is the implementation of the mathematical risk model as a general software engine executed on a large class of personal computers. The third part is the application data sets written for a specific application system. The user of a LAVA application is not required to have knowledge of formal risk assessment techniques. All the technical expertise and specialized knowledge are built into the software engine and the application system itself. 36 refs., 5 figs.

Research Organization: Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
Sponsoring Organization: DOE/DP
DOE Contract Number: W-7405-ENG-36
Report Number(s): LA-UR-90-2042; CONF-9010121-1; ON: DE90013169
Resource Relation: Conference: 13. national computer security conference, Washington, DC (USA), 1-4 Oct 1990
Country of Publication: United States
Language: English