Evaluating Damage Potential in Security Risk Scoring Models

Author

  • Eli Weintraub
Abstract

A Continuous Monitoring System (CMS) model with new, improved capabilities is presented. The system is based on the actual real-time configuration of the system. Existing risk scoring models assume that damage potential is estimated by the systems' owners, thus disregarding the information residing in the technological configuration. The assumption underlying this research is that users are able to estimate business impacts relating to the systems' external interfaces, which they use regularly in their business activities, but are unable to assess business impacts relating to internal technological components. According to the proposed model, systems' damage potential is calculated from technical information on the systems' components using a directed graph. The graph is incorporated into the Common Vulnerability Scoring System's (CVSS) algorithm to produce risk scoring measures. Framework presentation includes system design, damage potential scoring algorithm design and an illustration of scoring


Similar resources

Evaluating Confidentiality Impact in Security Risk Scoring Models

Risk scoring models assume that confidentiality evaluation is based on user estimations. Confidentiality evaluation incorporates the impacts of various factors including systems' technical configuration, on the processes relating to users' confidentiality. The assumption underlying this research is that system users are not capable of estimating systems' confidentiality since they lack the know...


Presenting a model for risk assessment of intentional fires

Background & Objectives : It is not possible to live without using fire. However, fire could destruct human properties in a short time. One of the most important types of fire is intentional fire. This type of fire has become a great problem for insurance companies, fire departments, industries, government and business in the recent years. This study aimed to provide a framework for risk assess...


Investigating the missing data effect on credit scoring rule based models: The case of an Iranian bank

Credit risk management is a process in which banks estimate probability of default (PD) for each loan applicant. Data sets of previous loan applicants are built by gathering their data, and these internal data sets are usually completed using external credit bureau’s data and finally used for estimating PD in banks. There is also a continuous interest for bank to use rule based classifiers to b...


Runoff Production Potential Zoning Using Fuzzy GIS-MCDA Models (Case Study: Tajan River Basin)

Because in Iran, flood phenomenon has the highest financial losses and death tolls among the natural disasters, thus reducing the damage caused by it has been considered for a long time and it is regarded essential. The most urgent action to deal with this natural disaster is to make preparations and take measures to reduce its harmful effects. One of the basic measures in this regard is the re...


A Systematic Approach to a Qualified Security Risk Analysis for Vehicular IT Systems

Strong IT security measures are often mandatory to enforce vehicular business models, liability, legal issues, warranty issues, and in particular to ensure the dependability of many of the next generation vehicular safety systems [An03, Br04, Wo09]. The automotive security protection measures, which will become actually implemented, should be determined by a well-founded costs benefit analysis,...



Publication date: 2016