Your Search Results

Use this resource - and many more! - in your textbook!

AcademicPub holds over eight million pieces of educational content for you to mix-and-match your way.

Experience the freedom of customizing your course pack with AcademicPub!
Not an educator but still interested in using this content? No problem! Visit our provider's page to contact the publisher and get permission directly.

Combining Defense Graphs and Enterprise Architecture Models for Security Analysis

By: Ekstedt, M.; Sommestad, T.; Johnson, P.;

2008 / IEEE / 978-0-7695-3373-5


This item was taken from the IEEE Conference ' Combining Defense Graphs and Enterprise Architecture Models for Security Analysis ' Security is dependent on a mixture of interrelated concepts such as technical countermeasures, organizational policies, security procedures, and more. To facilitate rational decision making, these concepts need to be combined into an overall judgment on the current security posture, as well as potential future ones. Decision makers are, however, faced with uncertainty regarding both what countermeasures that is in place, and how well different countermeasures contribute to mitigating attacks. This paper presents a security assessment framework using the Bayesian statistics-based Extended Influence Diagrams to combine attack graphs with countermeasures into defense graphs. The approach makes it possible to calculate the probability that attacks succeed based on an enterprise architecture model. The framework also takes uncertainties of the security assessment into consideration. Moreover, using the extended influence diagram formalism the expected loss from each attack can be calculated.