Formal analysis of security metrics and risk

Authors: Leanid Krautsevich, Fabio Martinelli, Artsiom Yautsiukhin

DOI: 10.1007/978-3-642-21040-2_22

Keywords:

Abstract: Security metrics are usually defined informally and, therefore, the rigorous analysis of these metrics is a hard task. Such analysis is required to identify the existing relations between security metrics, which all try to quantify the same quality: security. Risk, computed as Annualised Loss Expectancy, is often used in order to give an overall assessment of security as a whole. The relation between risk and the separate security indicators has not been considered thoroughly. In this work we fill this gap by providing a formal definition of risk.

References (28)
Stuart Schechter. How to Buy Better Testing. InfraSec '02: Proceedings of the International Conference on Infrastructure Security, pp. 73–87 (2002).
Valentina Casola, Antonino Mazzeo, Nicola Mazzocca, Massimiliano Rak. A SLA evaluation methodology in Service Oriented Architectures. Quality of Protection, pp. 119–130 (2006). 10.1007/978-0-387-36584-8_10
Martin P. Loeb, Lawrence A. Gordon. Managing Cybersecurity Resources (The McGraw-Hill Homeland Security Series). McGraw-Hill Pub. Co. (2005).
Martin P. Loeb, Lawrence A. Gordon. Managing Cybersecurity Resources: A Cost-Benefit Analysis (2005).
Günter Karjoth, Birgit Pfitzmann, Matthias Schunter, Michael Waidner. Service-oriented Assurance — Comprehensive Security by Explicit Assurances. Quality of Protection, pp. 13–24 (2006). 10.1007/978-0-387-36584-8_2
Pratyusa K. Manadhata, Kymie M. Tan, Roy A. Maxion, Jeannette M. Wing. An Approach to Measuring a System's Attack Surface. Defense Technical Information Center (2007). 10.21236/ADA476977
Lingyu Wang, Tania Islam, Tao Long, Anoop Singhal, Sushil Jajodia. An Attack Graph-Based Probabilistic Security Metric. Proceedings of the 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, vol. 5094, pp. 283–296 (2008). 10.1007/978-3-540-70567-3_22