Talks and poster presentations (with proceedings entry):

S. Fenz:
"An Ontology- and Bayesian-based Approach for Determining Threat Probabilities";
Talk: ACM Symposium on Information, Computer, and Communications Security (ASIACCS 2011), Hong Kong; 22.03.2011 - 24.03.2011; in: "ASIA CCS '11: 6th ACM Symposium on Information, Computer and Communications Security", ACM, New York, USA (2011), ISBN: 978-145-030-564-8; pp. 344 - 354.

English abstract:
Information security risk management is crucial for ensuring long-term business success and thus numerous approaches to implementing an adequate information security risk management strategy have been proposed. The subjective threat probability determination is one of the main reasons for an inadequate information security strategy endangering the organization in performing its mission. To address the problem we developed an ontology- and Bayesian-based approach to determine threat probabilities taking general information security knowledge and organization-specific knowledge about existing control implementations and attacker profiles into account. The elaborated concepts enable risk managers to comprehensibly quantify by the Bayesian threat probability determination the current security status of their organization.

threat probability determination, information security risk management

