A quantitative CVSS-based cyber security risk assessment methodology for IT systems

M. Ugur Aksu, M. Hadi Dilek, E. Islam Tatli, Kemal Bicakci, H. Ibrahim Dirik, M. Umut Demirezen, Tayfun Aykir

Araştırma sonucu: Kitap/Rapor/Konferans Bildirisinde BölümKonferans katkısıbilirkişi

60 Atıf (Scopus)

Özet

IT system risk assessments are indispensable due to increasing cyber threats within our ever-growing IT systems. Moreover, laws and regulations urge organizations to conduct risk assessments regularly. Even though there exist several risk management frameworks and methodologies, they are in general high level, not defining the risk metrics, risk metrics values and the detailed risk assessment formulas for different risk views. To address this need, we define a novel risk assessment methodology specific to IT systems. Our model is quantitative, both asset and vulnerability centric and defines low and high level risk metrics. High level risk metrics are defined in two general categories; base and attack graph-based. In our paper, we provide a detailed explanation of formulations in each category and make our implemented software publicly available for those who are interested in applying the proposed methodology to their IT systems.

Orijinal dilİngilizce
Ana bilgisayar yayını başlığıProceedings - 2017 International Carnahan Conference on Security Technology, ICCST 2017
EditörlerJavier Ortega-Garcia, Aythami Morales, Julian Fierrez, Ruben Vera-Rodriguez, Riccardo Lazzeretti
YayınlayanInstitute of Electrical and Electronics Engineers Inc.
Sayfalar1-8
Sayfa sayısı8
ISBN (Elektronik)9781538615850
DOI'lar
Yayın durumuYayınlandı - 5 Ara 2017
Harici olarak yayınlandıEvet
Etkinlik2017 International Carnahan Conference on Security Technology, ICCST 2017 - Madrid, Spain
Süre: 23 Eki 201726 Eki 2017

Yayın serisi

AdıProceedings - International Carnahan Conference on Security Technology
Hacim2017-October
ISSN (Basılı)1071-6572

???event.eventtypes.event.conference???

???event.eventtypes.event.conference???2017 International Carnahan Conference on Security Technology, ICCST 2017
Ülke/BölgeSpain
ŞehirMadrid
Periyot23/10/1726/10/17

Bibliyografik not

Publisher Copyright:
© 2017 IEEE.

Parmak izi

A quantitative CVSS-based cyber security risk assessment methodology for IT systems' araştırma başlıklarına git. Birlikte benzersiz bir parmak izi oluştururlar.

Alıntı Yap