Estimating Target Distribution in security assessment models
作者: Eli Weintraub
DOI: 10.1109/IVSW.2017.8031549
关键词: Data mining 、 Measure (data warehouse) 、 Target distribution 、 Work (electrical) 、 Damages 、 Continuous monitoring 、 Component (UML) 、 Distribution (number theory) 、 Engineering 、 Security assessment
摘要: Organizations are exposed to various cyber-attacks. When a component is exploited, the overall computed damage impacted by number of components network includes. This work focuses on estimating Target Distribution characteristic an attacked network. According existing security assessment models, assessed using ordinal values based users' intuitive knowledge. aimed at defining formula which enables measuring quantitatively components' distribution. The proposed real-time configuration system. Using measure, firms can quantify damages, allocate appropriate budgets actual real risks and build their while taking in consideration demonstrated as part continuous monitoring
sci-hub.se 参考文章(9)
Steven Tom, Dale Christiansen, Dan Berrett, Recommended Practice for Patch Management of Control Systems Idaho National Laboratory. ,(2008) , 10.2172/944885
Terje Aven, Ortwin Renn, On risk defined as an event where the outcome is uncertain Journal of Risk Research. ,vol. 12, pp. 1- 11 ,(2009) , 10.1080/13669870802488883
Ravi Sandhu, David Ferraiolo, Richard Kuhn, The NIST model for role-based access control: towards a unified standard Proceedings of the fifth ACM workshop on Role-based access control. pp. 47- 63 ,(2000) , 10.1145/344287.344301
E. B. Dudin, I. A. Zhlyabinkova, E. G. Zakharova, Yu. G. Smetanin, Information Security in Distributed Computing Systems. A Review Automatic Documentation and Mathematical Linguistics. ,vol. 43, pp. 234- 240 ,(2009) , 10.3103/S0005105509040049
Igor Kotenko, Andrey Chechulin, None, Fast Network Attack Modeling and Security Evaluation based on Attack Graphs Journal of Cyber Security and Mobility. ,vol. 3, pp. 27- 46 ,(2014) , 10.13052/JCSM2245-1439.312
Alexander Keller, Suraj Subramanian, Best practices for deploying a CMDB in large-scale environments integrated network management. pp. 732- 745 ,(2009) , 10.1109/INM.2009.5188880
Eli Weintraub, Security Risk Scoring Incorporating Computers' Environment International Journal of Advanced Computer Science and Applications. ,vol. 7, ,(2016) , 10.14569/IJACSA.2016.070423
Eli Weintraub, Evaluating Damage Potential in Security Risk Scoring Models International Journal of Advanced Computer Science and Applications. ,vol. 7, ,(2016) , 10.14569/IJACSA.2016.070547
K L Dempsey, N S Chawla, L A Johnson, R Johnston, A C Jones, A D Orebaugh, M A Scholl, K M Stine, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations Information Technology Laboratory (National Institute of Standards and Technology). Computer Security Division. ,(2011) , 10.6028/NIST.SP.800-137