A Preamble Into Aligning Systems Engineering and Information Security Risk
For many years information security and risk management have been an art rather than a science. This has resulted in reliance on experts whose methodologies and results can vary widely and have led to the growth of fear, uncertainty and doubt within the community. At the same time, the failure to expend resources effectively in securing systems has created a misalignment of controls and a waste of scarce resources with alternative uses. This paper aims to introduce a number of models and methods that are common in many other areas of systems engineering, but which are only just starting to be used in the determination of information systems risk. It also introduces the idea of using neural networks of hazard data to reliably model and train risk systems.