Time-to-compromise model for cyber risk reduction estimation

Advances in Information Security

Volumn 23, Issue , 2006, Pages 49-64

  McQueen, Miles A ^a   Boyer, Wayne F ^a   Flynn, Mark A ^a   Beitel, George A ^a  

^a IDAHO NATIONAL LABORATORY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84882594747     PISSN: 15682633     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-0-387-36584-8_5     Document Type: Article

References (15)

1. Browne, H. K., McHugh, J., Arbaugh, W.A. and Fithen, W.L., "A trend Analysis of Exploitations, " technical report CS-TR-4200, University of Maryland and Software Engineering Institute, November 2002.
2. Cohen, F., "Managing Network Security The Millisecond Fantasy, " http://all.net/j ournal/netsec/1999-2003.html, 2003.
3. Evans, M., Hastings, N. and Peacock, B., "Statistical Distributions, " Second Edition, 1993.
4. Jonsson, E., "A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior, " IEEE Transactions on Software Engineering, Vo123 No 4, April 1997.
5. Rescorla, E., "Is Finding Security Holes a Good Idea, " IEEE Security & Privacy, January-February 2005.
6. Turner, D., ed., "Symantec lnternet Security Threat Report, " Volume VI, September, 2004, http://enterprisesecurity.symantec.com/content.cfm?articleid= 1539, 2004.
7. Byres, E. J., Franz, M. and Miller, D., 'The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems,' International Infrastructure Survivability Workshop (IISW '04), IEEE, Lisbon, Portugal, December 4, 2004
8. Carlson, R. E., Turnquist, M. A. and Nozick, L. K., Expected Losses, Insurability, and Benefits from Reducing Vulnerability to Attacks, SAND2004-0742, Sandia National Laboratories, Albuquerque, New Mexico, 2004.
9. Dacier, M., Deswarte, Y. and Kaaniche, M., "Quantitative Assessment of Operational Security: Models and Tools" Information Systems Security, ed. by S. K. Katsikas and D. Gritzalis, London, Chapman & Hall, p. 179-86, 1996.
10. Haimes, Yacov Y., "Accident Precursors, Terrorist Attacks, and Systems Engineering, " Presented at the NAE Workshop, 2003.
11. Madan, B. B., Go-eva-Popstojavova, K., Vaidyanathan, K. and Trivedi, K. S., "Modeling and Quantification of Security Attributes of Software Systems, " International Conference on Dependable Systems and Networks, Washington, DC, 2002.
12. Major, J. A., "Advanced Techniques for Modeling Terrorism Risk, " Journal of Risk Finance, Fall 2002.
13. McQueen, M. A., Boyer, W. F., Flynn, M. A. and Beitel, G. A., "Quantitative Cyber Risk Reduction Estimation for a SCADA Control System, " INL/EXT-05-00319, Idaho National Laboratory, CSSC Report, prepared for U.S. Department of Homeland Security, May 17, 2005.
14. Sheyner, O., Haines, J., Jha, S., Lippmann, R. and Wing, J. M., "Automated Generation and Analysis of Attack Graphs, " Proceedings of the IEEE Computer Society Symposium on Research in Security and Privacy, Berkeley, California, May 2002, 273-284.
15. Taylor C., Krings, A. and Alves-Foss, J., "Risk Analysis and Probabilistic Survivability Assessment (RAPSA): An Assessment Approach for Power Substation Hardening, " Proc. ACM Workshop on Scientific Aspects of Cyber Terrorism, (SACT), Washington DC, November 21, 2002.