Talks and Poster Presentations (with Proceedings-Entry):
"An Ontology- and Bayesian-based Approach for Determining Threat Probabilities";
Talk: ACM Symposium on Information, Computer, and Communications Security (ASIACCS 2011),
- 2011-03-24; in: "ASIA CCS '11: 6th ACM Symposium on Information, Compuer and Communications Security",
New York, USA
Information security risk management is crucial for ensuring long-term business success and thus numerous approaches to implementing an adequate information security risk management strategy have been proposed. The subjective threat probability determination is one of the main reasons for an inadequate information security strategy endangering the organization in performing its mission. To address the problem we developed an ontology- and Bayesian-based approach to determine threat probabilities taking general information security knowledge and organization-specific knowledge about existing control implementations and attacker profiles into account. The elaborated concepts enable risk managers to comprehensibly quantify by the Bayesian threat probability determination the current security status of their organization.
threat probability determination, information security risk management
"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)
Project Head A Min Tjoa:
Created from the Publication Database of the Vienna University of Technology.