Combining Defense Graphs and Enterprise Architecture Models for Security Analysis
By: Ekstedt, M.; Sommestad, T.; Johnson, P.;
2008 / IEEE / 978-0-7695-3373-5
This item was taken from the IEEE Conference 'Combining Defense Graphs and Enterprise Architecture Models for Security Analysis'.

Security is dependent on a mixture of interrelated concepts such as technical countermeasures, organizational policies, security procedures, and more. To facilitate rational decision making, these concepts need to be combined into an overall judgment on the current security posture, as well as potential future ones. Decision makers are, however, faced with uncertainty regarding both which countermeasures are in place and how well different countermeasures contribute to mitigating attacks. This paper presents a security assessment framework using the Bayesian statistics-based Extended Influence Diagrams to combine attack graphs with countermeasures into defense graphs. The approach makes it possible to calculate the probability that attacks succeed based on an enterprise architecture model. The framework also takes uncertainties of the security assessment into consideration. Moreover, using the extended influence diagram formalism, the expected loss from each attack can be calculated.
Enterprise Architecture Models
Rational Decision Making
Security Assessment Framework
Extended Influence Diagrams
Unified Modeling Language
Business Data Processing
Security Of Data