Cyber security quantification model

Khan, Muhammad Asif; Hussain, Mureed

doi:10.1145/1854099.1854130

Cited by 10 publications

(7 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The study enriches the ISSRM domain model with suited metrics towards a measuring framework for security risk management but did not measure dependability metrics. Khan and Hussain (2010) used a unified model for the quantification of cybersecurity that considered most of the parameters and services in cybersecurity, but the model did not capture some important services and cannot apply to a real-life scenario. Joh and Malaiya (2011) formally defines risk measures and examines possible approaches for assessing risk using actual data.…”

Section: Related Workmentioning

confidence: 99%

“…Cyberspace management involves the security of network critical infrastructure through cybersecurity procedures. Cyber Security (CS) is a whole set of procedures and systems protecting networks from intentional and unintentional damages or danger in cyberspace through services like confidentiality, integrity, authentication, and availability (Khan and Hussain, 2010).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Improved Stochastic Model for Cybersecurity Risk Assessment

Abimbola¹,

Akinyemi²,

Temitope³

et al. 2019

CIS

View full text Add to dashboard Cite

Most of the existing solutions in cybersecurity analysis has been centered on identifying threats and vulnerabilities, and also providing suitable defense mechanisms to improve the robustness of the cyberspace network. These solutions lack effective capabilities to countermeasure the effect of risks and perform long-term prediction. In this paper, an improved risk assessment model for cyberspace security that will effectively predict and mitigate the consequences of risk was developed. Real-time vulnerabilities of a selected network were scanned and analysed and the ease of vulnerability exploitability was assessed. A Risk Assessment Model was formulated using the synergy of Absorbing Markov Chain and Markov Reward Model. The model was utilized to analyse cybersecurity state of the selected network. The proposed model was simulated using R-Statistical Package, and its performance was evaluated by benchmarking with an existing model, using Reliability and Availability as metrics. The result showed that the proposed model has higher reliability and availability over the existing model. This implied that there is a significant improvement in the assessment of security situations in a cyberspace network.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

An Improved Stochastic Model for Cybersecurity Risk Assessment

Abimbola¹,

Akinyemi²,

Temitope³

et al. 2019

CIS

View full text Add to dashboard Cite

show abstract

“…Axelrad et al [ 7 ] introduced a Bayesian network model for the motivation and psychology of the malicious insider. Khan and Hussain [ 8 ] established relationships between attack probability and vulnerability. However, the collective influence of attack environment factors on the attack was not revealed.…”

Section: Related Workmentioning

confidence: 99%

“…Shar et al [ 12 ] predicted vulnerabilities with features related to dataflow. Khan and Hussain [ 8 ] stated that it is safe to assume that all these factors have individual linear relationships with the probability of attack. A similar relationship is seen from the scatterplot of the impact of an attack and the environmental factors considered.…”

Section: Prediction Modelmentioning

confidence: 99%

Using a Prediction Model to Manage Cyber Security Threats

Jaganathan

Cherurveettil

Sivashanmugam

2015

The Scientific World Journal

View full text Add to dashboard Cite

Cyber-attacks are an important issue faced by all organizations. Securing information systems is critical. Organizations should be able to understand the ecosystem and predict attacks. Predicting attacks quantitatively should be part of risk management. The cost impact due to worms, viruses, or other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.

show abstract

“…Somente três trabalhos envolvem o uso de dados reais. Porém, dentre esses trabalhos, dois deles [19] e [12] não fornecem uma descrição clara dos conjuntos de dados usados, comprometendo a reproducão e comparação dos métodos.…”

Section: Tabela 1: Como As Diferentes Metodologias Para Quantificar Sunclassified

Investigação sobre a Ausência de Validação nos Métodos Empregados para Quantificar Segurança da Informação

Miani¹,

Zarpelão²,

Mendes³

2015

Anais Do Simpósio Brasileiro De Sistemas De Informação (SBSI)

View full text Add to dashboard Cite

RESUMOAárea conhecida como quantificação de segurançaé fundamental para construção de modelos e métricas relevantes para apoiar as decisões que devem ser tomadas para a proteção de sistemas e redes. A investigação proposta nesse trabalho consiste em identificar as razões que envolvem a ausência de validação nos métodos empregados para a quantificação da segurança. Os resultados encontrados ao longo da análise crítica e classificação de 57 trabalhos científicos revelam que grande parte dos modelos para quantificar segurança buscam medir alvos genéricos e complexos, como por exemplo medir a segurança da rede ou a segurança da organização, contudo, as tentativas de validações aparecem com maior frequência nos trabalhos que propõem a quantificação de alvos locais e específicos. Palavras-ChaveModelos de quantificação de segurança, Métricas de segurança, Validação ABSTRACTTo understand the actions that lead to successful attacks and also how they can be mitigated, researchers should identify and measure the factors that influence both attackers and victims. Quantifying security is particularly important to construct relevant metrics that support the decisions that need to be made to protect systems and networks. In this work, we aimed at investigating the lack of validation in security quantification methods. Different approaches to security quantification were examined and 57 papers are classified. The results show that most of papers seek to measure generic and complex targets like measuring network security or the security of an entire organization, however, the incidence of validation attempts is higher in works that propose the quantification of specific targets.

show abstract

Cyber security quantification model

Cited by 10 publications

References 4 publications

An Improved Stochastic Model for Cybersecurity Risk Assessment

An Improved Stochastic Model for Cybersecurity Risk Assessment

Using a Prediction Model to Manage Cyber Security Threats

Investigação sobre a Ausência de Validação nos Métodos Empregados para Quantificar Segurança da Informação

Contact Info

Product

Resources

About