Statistical Analysis in Information Assurance
Sp-421,06 January 2005, 1500-1550
Dan's Powerpoint Presentation

In order to evaluate investments in INFOSEC, we need to understand the impact of the investment on expected loss. Expected loss is, of course, the product of the impact of the loss on the organization and the probability that the loss will occur. Unfortunately, little data exists upon which to base an evaluation of the probability of a loss. Statistical methods are available which allow properly collected data to be used to estimate the required probability distributions.

About Dan Ryan
Daniel J. Ryan is a Professor of Systems Management at the National Defense University, teaching information security, information assurance, cryptography, network security, and computer forensics. Prior to joining NDU, he was a lawyer in private practice, a businessman and an educator teaching law and information security for George Washington University. Prior to entering private practice as an attorney, he served as Corporate Vice President of Science Applications International Corporation with responsibility for information security for Government customers and commercial clients who operate worldwide and must create, store, process and communicate sensitive information and engage in electronic commerce.