, 1.9MB]
Vulnerability Assessment Team (VAT)
Vulnerability Assessments
|
Network:  Roger Johnston on LinkedIn
|
Why and How to do AVAs?
Philosophy on Vulnerability Assessments
[116KB | Last updated:
Wed, Oct. 03, 2012]
Contact
Vulnerability Assessment Section
Sect. Manager: Roger G. Johnston, Ph.D., CPP
Fax: +1 630-252-7323
Argonne Experts: Roger Johnston
Roger Johnston on LinkedIn
The Argonne VAT has conducted vulnerability assessments on over 1000 different physical security devices, systems, and programs for many different private companies, NGOs, and government organizations, including IAEA, DoD, DOE, NNSA, DOS, and intelligence agencies.
There are a number of conventional tools for finding security vulnerabilities. These include:
- Security surveys
- Risk management
- Design basis threat
- CARVER Method
- Delphi Method
- Software vulnerability assessment tools
- Infrastructure modeling, etc.
These techniques were major breakthroughs when they were first developed, and are still useful.
But they do not typically produce dramatic improvements in security. We believe that the Adversarial
Vulnerability Assessment (AVA) is a more powerful tool. To learn why and how to do AVAs, see :
Philosophy on Vulnerability Assessments [116KB | Last updated:
Wed, Oct. 03, 2012]
Related Multimedia
Security Theater 3000 — (Sometimes we need to be a little more skeptical about claims made for security products)
Available versions of this video:
This video is available in 
Flash
format, 
Quicktime
format, or 
Windows
Media format
Additional Information
- Philosophy on Vulnerability Assessments [116KB | Last updated: Wed, Oct. 03, 2012]
- RG Johnston, “How to Think Like a Vulnerability Assessor”, Talk for the 58th Annual ASIS Meeting, Philadelphia, PA, September 10-13, 2012 [7.2MB].
For copies of the VAT papers and presentations on a wide variety of physical security issues (tags, seals, product counterfeiting, vulnerability assessments, RFIDs, GPS, nuclear safeguards) contact Roger G. Johnston.
