The Vulnerability Assessment for Active Networks; Model, Policy, Procedures, and Performance Evaluations

Han, Yunghsiang S.; Yang, Jin S.; Chang, Byeng Hee; Na, Jung C.; Chung, Tai-Myoung

doi:10.1007/978-3-540-24707-4_24

Cited by 7 publications

(2 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Han, Yang and Chang described an expansible vulnerability model in order to qualitatively assess the security of an active network aiming at solving a problem that it is more suited for an active network, than a traditional one [27]. Eom, Park and Han introduced a risk assessment method based on asset valuation and quantification [19].…”

Section: Overview Of Risk Assessment Methodologiesmentioning

confidence: 99%

Risk assessment for a video surveillance system based on Fuzzy Cognitive Maps

Szwed

Skrzynski

Chmiel

2014

Multimed Tools Appl

View full text Add to dashboard Cite

For various IT systems security is considered a key quality factor. In particular, it might be crucial for video surveillance systems, as their goal is to provide continuous protection of critical infrastructure and other facilities. Risk assessment is an important activity in security management; it aims at identifying assets, threats and vulnerabilities, analysis of implemented countermeasures and their effectiveness in mitigating risks. This paper discusses an application of a new risk assessment method, in which risk calculation is based on Fuzzy Cognitive Maps (FCMs) to a complex automated video surveillance system. FCMs are used to capture dependencies between assets and FCM based reasoning is applied to aggregate risks assigned to lower-level assets (e.g. cameras, hardware, software modules, communications, people) to such high level assets as services, maintained data and processes. Lessons learned indicate, that the proposed method is an efficient and lowcost approach, giving instantaneous feedback and enabling reasoning on effectiveness of security system.

show abstract

Section: Overview Of Risk Assessment Methodologiesmentioning

confidence: 99%

Risk assessment for a video surveillance system based on Fuzzy Cognitive Maps

Szwed

Skrzynski

Chmiel

2014

Multimed Tools Appl

View full text Add to dashboard Cite

show abstract

“…These techniques provide a representation of system operations and undesirable events, and a validation of the system safety level (Craft et al, 1998;Modarres et al, 1999;Bowles and Wan, 2001;Stathiakis et al, 2003;Cervesato and Meadows, 2003). Han et al (2004) described an expansible vulnerability model in order to qualitatively assess the security of an active network and active nodes, aiming at solving a problem that is more suited for an active network than a traditional one. Eom et al (2007) introduced a risk assessment method based on asset valuation and quantification.…”

Section: Related Workmentioning

confidence: 99%

A new lightweight method for security risk assessment based on fuzzy cognitive maps

Szwed

Skrzynski

2014

International Journal of Applied Mathematics and Computer Science

View full text Add to dashboard Cite

For contemporary software systems, security is considered to be a key quality factor and the analysis of IT security risk becomes an indispensable stage during software deployment. However, performing risk assessment according to methodologies and standards issued for the public sector or large institutions can be too costly and time consuming. Current business practice tends to circumvent risk assessment by defining sets of standard safeguards and applying them to all developed systems. This leads to a substantial gap: threats are not re-evaluated for particular systems and the selection of security functions is not based on risk models. This paper discusses a new lightweight risk assessment method aimed at filling this gap. In this proposal, Fuzzy Cognitive Maps (FCMs) are used to capture dependencies between assets, and FCM-based reasoning is performed to calculate risks. An application of the method is studied using an example of an e-health system providing remote telemonitoring, data storage and teleconsultation services. Lessons learned indicate that the proposed method is an efficient and low-cost approach, giving instantaneous feedback and enabling reasoning on the effectiveness of the security system.

show abstract