Year
2009
Abstract
“Balanced protection” is recognized as an important heuristic of an effective physical protection system. A physical protection system is viewed as balanced when every pathway by which an adversary might attempt to accomplish a goal presents a similar level of difficulty (e.g., similar resources required, similar probability of timely detection, similar likelihood of being neutralized, etc.). Historically, the degree of balance within the protection system has been assessed subjectively when the security analyst compares relevant security metrics for several of the most vulnerable attack pathways using expert judgment. This paper proposes an objective method to obtain a quantitative metric to represent the degree of balance within a security system. The method is based on the mathematics of exponentially weighted moving averages, wherein the performance of the security system for many of the most vulnerable attack pathways are aggregated to provide a single metric. By using an exponentially weighted average instead of a simple mean or a linear weighted average, the method automatically applies higher weighting to the most vulnerable attack pathways and minimal weighting to the less desirable pathways. The method is relatively insensitive to the number of attack pathways considered in the average as long as each attack pathway is developed to a comparable level of granularity. This characteristic is very different from a simple mean or a linear weighted average, which can be very sensitive to the number of terms selected for use in the averaging process. This method can be used to help inform risk management decisions within a single site and across multiple sites.