2017 International Carnahan Conference on Security Technology (ICCST) 2017
DOI: 10.1109/ccst.2017.8167819
|View full text |Cite
|
Sign up to set email alerts
|

A quantitative CVSS-based cyber security risk assessment methodology for IT systems

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
31
0

Year Published

2018
2018
2023
2023

Publication Types

Select...
5
3
2

Relationship

1
9

Authors

Journals

citations
Cited by 59 publications
(31 citation statements)
references
References 7 publications
0
31
0
Order By: Relevance
“…Zhang [11] proposed the use of conditional probability when performing the risk assessment based on CVSS v3. Aksu [12] defined the risk metrics based on CVSS v3 to calculate the risk of an IT system, similar to vulnerability score calculated under CVSS v3. The above methodologies of risk assessment were mainly proposed for traditional computer networks.…”
Section: Related Workmentioning
confidence: 99%
“…Zhang [11] proposed the use of conditional probability when performing the risk assessment based on CVSS v3. Aksu [12] defined the risk metrics based on CVSS v3 to calculate the risk of an IT system, similar to vulnerability score calculated under CVSS v3. The above methodologies of risk assessment were mainly proposed for traditional computer networks.…”
Section: Related Workmentioning
confidence: 99%
“…The CVSS is supported by the National Vulnerability Database (NVD) of the United States. All CVE vulnerabilities in the NVD contain the basic value of the CVSS [21]. The quantification of the DAS attack probability is closely related to the evaluation indexes of vulnerabilities for all parts of a DAS and plays an important auxiliary role in the quantification of an attack process in the DAS.…”
Section: Cvssmentioning
confidence: 99%
“…Similarly to estimate the network security, the CVSS and Attack graph approach is adopted in [5,6]. For cybersecurity assessment the authors in [7,8] implement CVSS. M Aslam et al introduces a security auditing and certification system namely ASArP which is also used CVSS for highlighting the impact of each misconfigured components of the system [9].…”
Section: Motivation and Related Workmentioning
confidence: 99%