Quantitative Assessment of Enterprise Security System

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Ruth Breu Articles by Frank Innerhofer-Oberperfler Articles by Artsiom Yautsiukhin

2008 Third International Conference on Availability, Reliability and Security

March 04-March 07

ISBN: 978-0-7695-3102-1

	ASCII Text	x
	Ruth Breu, Frank Innerhofer-Oberperfler, Artsiom Yautsiukhin, "Quantitative Assessment of Enterprise Security System," Availability, Reliability and Security, International Conference on, pp. 921-928, 2008 Third International Conference on Availability, Reliability and Security, 2008.

	BibTex	x
	@article{ 10.1109/ARES.2008.164, author = {Ruth Breu and Frank Innerhofer-Oberperfler and Artsiom Yautsiukhin}, title = {Quantitative Assessment of Enterprise Security System}, journal ={Availability, Reliability and Security, International Conference on}, volume = {0}, year = {2008}, isbn = {978-0-7695-3102-1}, pages = {921-928}, doi = {http://doi.ieeecomputersociety.org/10.1109/ARES.2008.164}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Availability, Reliability and Security, International Conference on TI - Quantitative Assessment of Enterprise Security System SN - 978-0-7695-3102-1 SP921 EP928 A1 - Ruth Breu, A1 - Frank Innerhofer-Oberperfler, A1 - Artsiom Yautsiukhin, PY - 2008 KW - Information Security KW - Risk Management VL - 0 JA - Availability, Reliability and Security, International Conference on ER -

Ruth Breu

Frank Innerhofer-Oberperfler

Artsiom Yautsiukhin

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ARES.2008.164

In this paper we extend a model-based approach to security management with concepts and methods that provide a possibility for quantitative assessments. For this purpose we introduce security metrics and explain how they are aggregated using the underlying model as a frame. We measure numbers of attack of certain threats and estimate their likelihood of propagation along the dependencies in the underlying model. Using this approach we can identify which threats have the strongest impact on business security objectives and how various security controls might differ with regard to their effect in reducing these threats.

Index Terms:

Information Security, Risk Management

Citation:

Ruth Breu, Frank Innerhofer-Oberperfler, Artsiom Yautsiukhin, "Quantitative Assessment of Enterprise Security System," ares, pp.921-928, 2008 Third International Conference on Availability, Reliability and Security, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.