The Community for Technology Leaders
RSS Icon
Subscribe
Stuttgart, Germany
May 10, 2011 to May 12, 2011
ISBN: 978-0-7695-4403-8
pp: 122-136
ABSTRACT
Predicting security incidents and forecasting risk are two essential duties when designing an enterprise security system. Based on a quantitative risk assessment technique arising from an an attacker-defender model, we propose a Bayesian learning strategy to continuously update the quality of protection and forecast the decision-theoretic risk. Evidence for or against the security of particular system components can be obtained from various sources, including security patches, software updates, scientific or industrial research result notifications retrieved through RSS feeds. Using appropriate stochastic distribution models, we obtain closed-form expressions (formulas) for the times when to expect the next security incident and when a re-consideration of a security system or component becomes advisable.
INDEX TERMS
Decision-theory, Risk-management, Risk forecasting, Bayesian learning, System security
CITATION
Stefan Rass, "Towards a Rapid-Alert System for Security Incidents", IMF, 2011, 2013 Seventh International Conference on IT Security Incident Management and IT Forensics, 2013 Seventh International Conference on IT Security Incident Management and IT Forensics 2011, pp. 122-136, doi:10.1109/IMF.2011.10
28 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool