Sciweavers

IEEEARES
2008
IEEE

Quantitative Assessment of Enterprise Security System

14 years 5 months ago
Quantitative Assessment of Enterprise Security System
—In this paper we extend a model-based approach to security management with concepts and methods that provide a possibility for quantitative assessments. For this purpose we introduce security metrics and explain how they are aggregated using the underlying model as a frame. We measure numbers of attack of certain threats and estimate their likelihood of propagation along the dependencies in the underlying model. Using this approach we can identify which threats have the strongest impact on business security objectives and how various security controls might differ with regard to their effect in reducing these threats.
Ruth Breu, Frank Innerhofer-Oberperfler, Artsiom Y
Added 31 May 2010
Updated 31 May 2010
Type Conference
Year 2008
Where IEEEARES
Authors Ruth Breu, Frank Innerhofer-Oberperfler, Artsiom Yautsiukhin
Comments (0)