Skip to main content

Estimating ToE Risk Level Using CVSS

Houmb, Siv Hilde, Franqueira, Virginia N. L. (2009) Estimating ToE Risk Level Using CVSS. In: Proceedings: International Conference on Availability, Reliability and Security (ARES 2009). . pp. 718-725. IEEE ISBN 978-0-7695-3564-7. (doi:10.1109/ares.2009.151) (The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided)

The full text of this publication is not currently available from this repository. You may be able to access a copy if URLs are provided. (Contact us about this Publication)
Official URL
https://doi.org/10.1109/ares.2009.151

Abstract

Security management is about calculated risk and requires continuous evaluation to ensure cost, time and resource effectiveness. Parts of which is to make future-oriented, cost-benefit investments in security. Security investments must adhere to healthy business principles where both security and financial aspects play an important role. Information on the current and potential risk level is essential to successfully trade-off security and financial aspects. Risk level is the combination of the frequency and impact of a potential unwanted event, often referred to as a security threat or misuse. The paper presents a risk level estimation model that derives risk level as a conditional probability over frequency and impact estimates. The frequency and impact estimates are derived from a set of attributes specified in the Common Vulnerability Scoring System (CVSS). The model works on the level of vulnerabilities (just as the CVSS) and is able to compose vulnerabilities into service levels. The service levels define the potential risk levels and are modelled as a Markov process, which are then used to predict the risk level at a particular time.

Item Type: Conference or workshop item (Proceeding)
DOI/Identification number: 10.1109/ares.2009.151
Uncontrolled keywords: Quantifying security, Operational security, Risk estimation, Calculated risk, CVSS
Divisions: Faculties > Sciences > School of Computing > Security Group
Depositing User: Virginia Nunes Leal Franqueira
Date Deposited: 10 Oct 2019 15:40 UTC
Last Modified: 11 Oct 2019 13:56 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/77201 (The current URI for this page, for reference purposes)
Franqueira, Virginia N. L.: https://orcid.org/0000-0003-1332-9115
  • Depositors only (login required):