Attacker economics for Internet-scale vulnerability risk assessment (Extended
Authors
Abstract
Luca Allodi, DISI, University of Trento, Italy, http://disi.unitn.it/
Similar resources
Attacker Economics for Internet-scale Vulnerability Risk Assessment
Vulnerability risk assessment is a crucial process in security management, and the CVSS score is the standard-de-facto risk metric for software vulnerabilities. In this manuscript I show that current risk assessment methodologies do not fit real “in the wild” attack data. I also present my three-steps plan to identify an Internet-scale risk assessment methodology that accounts for attacker econ...
Reconciling Malicious and Accidental Risk in Cyber Security
Consider the question whether a cyber security investment is cost-effective. The result will depend on the expected frequency of attacks. Contrary to what is referred to as threat event frequencies or hazard rates in safety risk management, frequencies of targeted attacks are not independent from system design, due to the strategic behaviour of attackers. Although there are risk assessment meth...
Analysis of Information Security Problem by Probabilistic Risk Assessment
The information security risk assessment is investigated from perspectives of most advanced probabilistic risk assessment (PRA) for nuclear power plants. Accident scenario enumeration by initiating events, mitigation systems and event trees are first described and demonstrated. Assets, confidentiality, integrity, availability, threats, vulnerabilities, impacts, likelihoods, and safeguards are r...
Security Events and Vulnerability Data for Cybersecurity Risk Estimation.
Current industry standards for estimating cybersecurity risk are based on qualitative risk matrices as opposed to quantitative risk estimates. In contrast, risk assessment in most other industry sectors aims at deriving quantitative risk estimations (e.g., Basel II in Finance). This article presents a model and methodology to leverage on the large amount of data available from the IT infrastruc...
Ontology-Based Document Profile for Vulnerability Relevancy Analysis
System vulnerability is the common weak point for attacker to break into the system. Patching or reconfiguration is usually slow, and difficult or risky to system stability. Our research defines a framework for vulnerability prioritization based on relevancy calculated from online information. In this paper, the idea of subcontext and the Ontology-based Document Profile (ODP) are introduced. OD...