DocumentCode :
1566393
Title :
Quantitative Assessment of Enterprise Security System
Author :
Breu, Ruth ; Oberperfler, Frank Innerhofer ; Yautsiukhin, Artsiom
Author_Institution :
Res. Group Quality Eng., Univ. of Innsbruck, Innsbruck
fYear :
2008
Firstpage :
921
Lastpage :
928
Abstract :
In this paper we extend a model-based approach to security management with concepts and methods that provide a possibility for quantitative assessments. For this purpose we introduce security metrics and explain how they are aggregated using the underlying model as a frame. We measure numbers of attack of certain threats and estimate their likelihood of propagation along the dependencies in the underlying model. Using this approach we can identify which threats have the strongest impact on business security objectives and how various security controls might differ with regard to their effect in reducing these threats.
Keywords :
business data processing; security of data; business security objectives; enterprise security system; quantitative assessment; security management; security metrics; Application software; Availability; Bridges; Collaboration; Computer science; Computer security; Information security; Information technology; Reliability engineering; Technology management; Information Security; Risk Management;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-0-7695-3102-1
Type :
conf
DOI :
10.1109/ARES.2008.164
Filename :
4529442