A total risk assessment methodology for security assessment
Abstract not provided.
Publications
A total risk assessment methodology for security assessment
Sandia National Laboratories performed a two-year Laboratory Directed Research and Development project to develop a new collaborative risk assessment method to enable decision makers to fully consider the interrelationships between threat, vulnerability, and consequence. A five-step Total Risk Assessment Methodology was developed to enable interdisciplinary collaborative risk assessment by experts from these disciplines. The objective of this process is promote effective risk management by enabling analysts to identify scenarios that are simultaneously achievable by an adversary, desirable to the adversary, and of concern to the system owner or to society. The basic steps are risk identification, collaborative scenario refinement and evaluation, scenario cohort identification and risk ranking, threat chain mitigation analysis, and residual risk assessment. The method is highly iterative, especially with regard to scenario refinement and evaluation. The Total Risk Assessment Methodology includes objective consideration of relative attack likelihood instead of subjective expert judgment. The 'probability of attack' is not computed, but the relative likelihood for each scenario is assessed through identifying and analyzing scenario cohort groups, which are groups of scenarios with comparable qualities to the scenario being analyzed at both this and other targets. Scenarios for the target under consideration and other targets are placed into cohort groups under an established ranking process that reflects the following three factors: known targeting, achievable consequences, and the resources required for an adversary to have a high likelihood of success. The development of these target cohort groups implements, mathematically, the idea that adversaries are actively choosing among possible attack scenarios and avoiding scenarios that would be significantly suboptimal to their objectives. An adversary who can choose among only a few comparable targets and scenarios (a small comparable target cohort group) is more likely to choose to attack the specific target under analysis because he perceives it to be a relatively unique attack opportunity. The opposite is also true. Thus, total risk is related to the number of targets that exist in each scenario cohort group. This paper describes the Total Risk Assessment Methodology and illustrates it through an example.
High-level Assessment of Terrorist Risk to the US Food Supply
Abstract not provided.
Constructing the ASCI Computational Grid
Abstract not provided.
Constructing the ASCI computational grid
The Accelerated Strategic Computing Initiative (ASCI) computational grid is being constructed to interconnect the high performance computing resources of the nuclear weapons complex. The grid will simplify access to the diverse computing, storage, network, and visualization resources, and will enable the coordinated use of shared resources regardless of location. To match existing hardware platforms, required security services, and current simulation practices, the Globus MetaComputing Toolkit was selected to provide core grid services. The ASCI grid extends Globus functionality by operating as an independent grid, incorporating Kerberos-based security, interfacing to Sandia's Cplant{trademark},and extending job monitoring services. To fully meet ASCI's needs, the architecture layers distributed work management and criteria-driven resource selection services on top of Globus. These services simplify the grid interface by allowing users to simply request ''run code X anywhere''. This paper describes the initial design and prototype of the ASCI grid.
5 Results