• DocumentCode
    1566393
  • Title

    Quantitative Assessment of Enterprise Security System

  • Author

    Breu, Ruth ; Oberperfler, Frank Innerhofer ; Yautsiukhin, Artsiom

  • Author_Institution
    Res. Group Quality Eng., Univ. of Innsbruck, Innsbruck
  • fYear
    2008
  • Firstpage
    921
  • Lastpage
    928
  • Abstract
    In this paper we extend a model-based approach to security management with concepts and methods that provide a possibility for quantitative assessments. For this purpose we introduce security metrics and explain how they are aggregated using the underlying model as a frame. We measure numbers of attacks of certain threats and estimate their likelihood of propagation along the dependencies in the underlying model. Using this approach we can identify which threats have the strongest impact on business security objectives and how various security controls might differ with regard to their effect in reducing these threats.
  • Keywords
    business data processing; security of data; business security objectives; enterprise security system; quantitative assessment; security management; security metrics; Application software; Availability; Bridges; Collaboration; Computer science; Computer security; Information security; Information technology; Reliability engineering; Technology management; Information Security; Risk Management;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security, 2008. ARES 08. Third International Conference on
  • Conference_Location
    Barcelona
  • Print_ISBN
    978-0-7695-3102-1
  • Type

    conf

  • DOI
    10.1109/ARES.2008.164
  • Filename
    4529442