Security risk metrics: Fusing enterprise objectives and vulnerabilities

Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005

Volumn 2005, Issue , 2005, Pages 388-393

  Clark, K ^a   Dawkins, J ^a   Haie, J ^a  

^a NONE

Author keywords

[No Author keywords available]

Indexed keywords

EXPOSURE CONTROLS; MANAGEMENT INFORMATION SYSTEMS; RISK ASSESSMENT; RISK MANAGEMENT; SECURITY OF DATA; SOCIETIES AND INSTITUTIONS;

HIGH RISK EXPOSURES; MISSION TREES; SECURITY AUDITORS; SECURITY RISK METRICS; VULNERABILITY SCANNER;

COMPUTER NETWORKS;

EID: 33745454950     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/IAW.2005.1495978     Document Type: Conference Paper

References (18)

1. J. I. Alger, "On assurance, measures, and metrics: Definitions and approaches," in Proceedings of the 1st ISSRR Workshop, ACSAC, 2001.
2. P. Bicknell, "Security assertions, criteria, and metrics: Developed for the IRS," in Proceedings of the 1st ISSRR Workshop, ACSAC.
3. N. Seddigh, P. Pieda, A. Matrawy, B. Nandy, J. Lambadaris, and A. Hatfield, "Current trends and advances in information assurance metrics," in Proceedings of the Second Annual Conference on Privacy, Security and Trust, pp. 197-204, Privacy, Security, and Trust. 2004.
4. B. Wood and J. Bouchard, "Red team work factor as a security measurement," in Proceedings of the 1st ISSRR Workshop, ACSAC, March 2001.
5. B. S. Yee, "Security metrology and the monty hall problem," in Proceedings of the 1st ISSRR Workshop, ACSAC, April 2001.
6. J. McHugh, "Quantitative measures of assurance: Prophecy, process, or pipedream?," in Proceedings of the 1st ISSRR Workshop, ACS AC, May 2001.
7. R. B. Vaughn, "Are measures and metrics for trusted information systems possible?," in Proceedings of the 1st ISSRR Workshop, ACSAC, May 2001.
8. R. T. Mercuri, "Analyzing security costs," Communications of the ACM, vol. 46, pp. 15-18, June 2003.
9. D. J. Bodeau, "Information assurance assessment: Lessons-learned and challenges," in Proceedings of the 1st ISSRR Workshop, ACSAC, May 2001.
10. A. Hunstad, J. Halberg, and R. Andersson, "Measuring IT security - a method based on common criteria's security functional requirements," in Proceedings from the fifth IEEE Systems. Man and Cybernetics Information Assurance Workshop, IEEE, IEEE, 2004.
11. G. Rogers and B. Stauffer, "An approach to InfoSec program metrics," in Proceedings of the 1st ISSRR Workshop. ACSAC, March 26 2001.
12. D. McCallam. "The case against numerical measures for information assurance," in Proceedings of the 1st ISSRR Workshop, ACSAC, May 2001.
13. E. A. Schneider, "Measurements of system security," in Proceedings of the 1st ISSRR Workshop, ACSAC, May 2001.
14. Nessus. http://www.nessus.org.
15. "Visionael security audit," tech. rep., Visionael Corporation. http://www.visionael.com/.
16. M. Swanson, N. Bartol, J. Sabato, J. Hash, and L. Graffo, "Security metrics guide for information technology systems." National Institute for Standards Publication 800-55, July 2003.
17. "Infosec assessment methodology," tech. rep., National Security Agency. http://www.iatrp.com/iam.cfm.
18. J. Dawkins and J. Hale, "A systematic approach to multi-stage network attack analysis," in Second IEEE International Information Assurance Workshop (IWIA'04), pp. 48-58, IEEE Computer Society, 2004.