How much matter probabilities in information security quantitative risk assessment?

Abstract

The starting point of this research essay is a critical review of two methods for conducting a quantitative analysis of information systems security risks: 1) Management of Risk: Guidance for Practitioners and 2) a cost model based on annual loss expectancy. We focus on these methods from a perspective that highlights the limits both of their empiricism and of the theoretical elements that underlie them. From an epistemological point of view we consider the logical syntax of the two models, the semantics of their statements and the pragmatics of the scientific discourse: the use of models to demonstrate the risk assessment thesis and to settle the problem of risk in the controversy between human judgment and mathematical calculus. The major issues discussed in this article involve various perspectives on scientific criteria, the choice among competing theories and the structuring of the problems proposed to be solved. We argue that the models developed so far, the top-down approach as well as the demonstrations based on induction, cannot be applied in many scenarios, because an information system, considered as a complex whole made up of various components, is not primarily the object of a positivistic science that can be described by mathematics alone. The main research question answered in this paper is: what are the limits of knowledge in probabilistic computations for information systems security risk assessment? Our purpose is to demonstrate, using the interpretive approach, the epistemological limits of the two models and the error of generalizing the probability calculus.
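The annual loss expectancy (ALE) cost model named in the abstract reduces a risk to a single number, SLE × ARO. The following worked example, added here and not taken from the paper, shows one concrete way in which that number hides the information a decision actually depends on: two scenarios with identical ALE can differ by more than an order of magnitude in the probability of exhausting a loss reserve. The scenario figures (a 1,000,000 loss expected once a century versus a 10,000 loss expected once a year, and a 50,000 reserve) are constructed for illustration, and the model assumes, as an added simplification, that events are independent with Poisson-distributed counts and a fixed loss per event.

```python
import math


def ale(sle, aro):
    """Annual loss expectancy: single loss expectancy times annual rate of occurrence."""
    return sle * aro


def poisson_pmf(k, lam):
    """Probability of exactly k events in a year when the count is Poisson(lam)."""
    return math.exp(-lam) * lam ** k / math.factorial(k)


def prob_loss_exceeds(sle, aro, budget):
    """P(annual loss > budget), assuming (our simplification, not the paper's)
    that the yearly event count is Poisson(aro) and every event costs exactly sle.
    The loss exceeds the budget iff the count exceeds budget // sle events."""
    events_within_budget = int(budget // sle)
    return 1.0 - sum(poisson_pmf(k, aro) for k in range(events_within_budget + 1))


def loss_quantile(sle, aro, q):
    """Smallest annual loss L such that P(annual loss <= L) >= q under the same model."""
    cumulative = 0.0
    k = 0
    while True:
        cumulative += poisson_pmf(k, aro)
        if cumulative >= q:
            return k * sle
        k += 1


def compare(scenarios, budget, quantile):
    """Summarise each (name, sle, aro) scenario: ALE, reserve-breach probability, loss quantile."""
    return {
        name: {
            "ale": ale(sle, aro),
            "p_exceeds_reserve": prob_loss_exceeds(sle, aro, budget),
            "loss_at_quantile": loss_quantile(sle, aro, quantile),
        }
        for name, sle, aro in scenarios
    }


# Constructed scenarios with the same ALE (10,000 per year) but very different shape.
SCENARIOS = [
    ("rare_catastrophic", 1_000_000, 0.01),  # one large loss expected per century
    ("frequent_small", 10_000, 1.0),          # one small loss expected per year
]
RESERVE = 50_000

if __name__ == "__main__":
    for name, summary in compare(SCENARIOS, RESERVE, 0.995).items():
        print(name, summary)
```

Both scenarios report ALE = 10,000, yet the rare catastrophic case breaches the 50,000 reserve in roughly 1% of years and its 99.5th-percentile annual loss is the full 1,000,000, while the frequent small case breaches the reserve in well under 0.1% of years and its 99.5th-percentile loss is 40,000. The point estimate alone cannot distinguish them; the distribution behind it does the work, and that distribution is exactly what is hardest to know for information systems.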


Added to PP
2014-06-28