Why and How to do AVAs?
Philosophy on Vulnerability Assessments
[116KB | Last updated: Wed, Oct. 03, 2012]
The Argonne VAT has conducted vulnerability assessments on over 1000 different physical security devices, systems, and programs for many different private companies, NGOs, and government organizations, including IAEA, DoD, DOE, NNSA, DOS, and intelligence agencies.
There are a number of conventional tools for finding security vulnerabilities. These include:
- Security surveys
- Risk management
- Design basis threat
- CARVER Method
- Delphi Method
- Software vulnerability assessment tools
- Infrastructure modeling, etc.
These techniques were major breakthroughs when they were first developed, and are still useful. But they do not typically produce dramatic improvements in security. We believe that the Adversarial Vulnerability Assessment (AVA) is a more powerful tool. To learn why and how to do AVAs, see:
Philosophy on Vulnerability Assessments [116KB | Last updated: Wed, Oct. 03, 2012]
Security Theater 3000 — (Sometimes we need to be a little more skeptical about claims made for security products)
- RG Johnston, “How to Think Like a Vulnerability Assessor”, Talk for the 58th Annual ASIS Meeting, Philadelphia, PA, September 10-13, 2012 [7.2MB].
For copies of the VAT papers and presentations on a wide variety of physical security issues (tags, seals, product counterfeiting, vulnerability assessments, RFIDs, GPS, nuclear safeguards) contact Roger G. Johnston.