Why and How to do AVAs?
Philosophy on Vulnerability Assessments
[116KB | Last updated: Wed, Oct. 03, 2012]
The Argonne VAT has conducted vulnerability assessments on over 1000 different physical security devices, systems, and programs for many different private companies, NGOs, and government organizations, including IAEA, DoD, DOE, NNSA, DOS, and intelligence agencies.
There are a number of conventional tools for finding security vulnerabilities. These include:
- Security surveys
- Risk management
- Design basis threat
- CARVER Method
- Delphi Method
- Software vulnerability assessment tools
- Infrastructure modeling, etc.
These techniques were major breakthroughs when they were first developed, and are still useful. But they do not typically produce dramatic improvements in security. We believe that the Adversarial Vulnerability Assessment (AVA) is a more powerful tool. To learn why and how to do AVAs, see:
Philosophy on Vulnerability Assessments [116KB | Last updated: Wed, Oct. 03, 2012]
Security Theater 3000 — (Sometimes we need to be a little more skeptical about claims made for security products)
- RG Johnston, “What Vulnerability Assessors Know That You Should, Too (Or Want to See How Well Those Anti-Depressants are Working For You?)”
A version of this paper first appeared in Asia Pacific Security Magazine 50, 40-42, Aug/Sept 2013.
- RG Johnston, J. Warner, “Product and Technology Counterfeiting: It's not what you think”
Talk presented at the ASIS International Annual Meeting, Chicago, Sept 24-27, 2013
- RG Johnston, “But is it Security Theater?”
First appeared in Security Magazine, September 2013
- RG Johnston, J. Warner, “Common Vulnerability Assessment Myths (Or What Makes Red Teamers See Red)” [889KB]
A version of this paper appeared in SecurityInfoWatch.com, August 6 & 13, 2013
- RG Johnston, “How to Think Like a Vulnerability Assessor”, Talk for the 58th Annual ASIS Meeting, Philadelphia, PA, September 10-13, 2012 [7.2MB].
For copies of the VAT papers and presentations on a wide variety of physical security issues (tags, seals, product counterfeiting, vulnerability assessments, RFIDs, GPS, nuclear safeguards) contact Roger G. Johnston.