Abstract | ||
---|---|---|
This paper proposes an approach, called pwnPr3d, for quantitatively estimating information security risk in ICT systems. Unlike many other risk analysis approaches that rely heavily on manual work and security expertise, this approach comes with built-in security risk analysis capabilities. pwnPr3d combines a network architecture modeling language and a probabilistic inference engine to automatically generate an attack graph, making it possible to identify threats along with the likelihood of these threats exploiting a vulnerability. After defining the value of information assets to their organization with regard to confidentiality, integrity and availability breaches, pwnPr3d allows users to automatically quantify information security risk over time, depending on the possible progression of the attacker. As a result, pwnPr3d provides stakeholders in organizations with a holistic approach that allows both a high-level overview and technical details. |
Year | DOI | Venue |
---|---|---|
2016 | 10.1007/978-3-319-57858-3_4 | RISK ASSESSMENT AND RISK-DRIVEN QUALITY ASSURANCE, RISK 2016 |

Keywords | Field | DocType |
---|---|---|
Quantitative risk analysis, Attack graphs, Threat modeling, Network security, Information security | Computer security, Computer science, Risk analysis (business), Threat model, Network security, Information security, Modeling language, Risk analysis (engineering), Value of information, Probabilistic logic, Vulnerability | Conference |

Volume | ISSN | Citations |
---|---|---|
10224 | 0302-9743 | 0 |

PageRank | References | Authors |
---|---|---|
0.34 | 0 | 5 |

Name | Order | Citations | PageRank |
---|---|---|---|
Pontus Johnson | 1 | 788 | 55.88 |
Alexandre Vernotte | 2 | 24 | 3.65 |
Dan Gorton | 3 | 13 | 2.39 |
Mathias Ekstedt | 4 | 634 | 49.70 |
Robert Lagerström | 5 | 401 | 36.58 |