Quantitative Security Risk Assessment of Enterprise Networks

¡
¡ Springer Science & Business Media
āĻ‡-āĻŦā§āĻ•
28
āĻĒā§ƒāĻˇā§āĻ āĻž
āĻ°ā§‡āĻŸāĻŋāĻ‚ āĻ“ āĻ°āĻŋāĻ­āĻŋāĻ‰ āĻ¯āĻžāĻšāĻžāĻ‡ āĻ•āĻ°āĻž āĻšā§ŸāĻ¨āĻŋ  āĻ†āĻ°āĻ“ āĻœāĻžāĻ¨ā§āĻ¨

āĻāĻ‡ āĻ‡-āĻŦā§āĻ•ā§‡āĻ° āĻŦāĻŋāĻˇā§Ÿā§‡

Protection of enterprise networks from malicious intrusions is critical to the economy and security of our nation. This article gives an overview of the techniques and challenges for security risk analysis of enterprise networks. A standard model for security analysis will enable us to answer questions such as “are we more secure than yesterday” or “how does the security of one network configuration compare with another one”. In this article, we will present a methodology for quantitative security risk analysis that is based on the model of attack graphs and the Common Vulnerability Scoring System (CVSS). Our techniques analyze all attack paths through a network, for an attacker to reach certain goal(s).

āĻ‡-āĻŦā§āĻ•ā§‡ āĻ°ā§‡āĻŸāĻŋāĻ‚ āĻĻāĻŋāĻ¨

āĻ†āĻĒāĻ¨āĻžāĻ° āĻŽāĻ¤āĻžāĻŽāĻ¤ āĻœāĻžāĻ¨āĻžāĻ¨āĨ¤

āĻĒāĻ āĻ¨ āĻ¤āĻĨā§āĻ¯

āĻ¸ā§āĻŽāĻžāĻ°ā§āĻŸāĻĢā§‹āĻ¨ āĻāĻŦāĻ‚ āĻŸā§āĻ¯āĻžāĻŦāĻ˛ā§‡āĻŸ
Android āĻāĻŦāĻ‚ iPad/iPhone āĻāĻ° āĻœāĻ¨ā§āĻ¯ Google Play āĻŦāĻ‡ āĻ…ā§āĻ¯āĻžāĻĒ āĻ‡āĻ¨āĻ¸ā§āĻŸāĻ˛ āĻ•āĻ°ā§āĻ¨āĨ¤ āĻāĻŸāĻŋ āĻ†āĻĒāĻ¨āĻžāĻ° āĻ…ā§āĻ¯āĻžāĻ•āĻžāĻ‰āĻ¨ā§āĻŸā§‡āĻ° āĻ¸āĻžāĻĨā§‡ āĻ…āĻŸā§‹āĻŽā§‡āĻŸāĻŋāĻ• āĻ¸āĻŋāĻ™ā§āĻ• āĻšā§Ÿ āĻ“ āĻ†āĻĒāĻ¨āĻŋ āĻ…āĻ¨āĻ˛āĻžāĻ‡āĻ¨ āĻŦāĻž āĻ…āĻĢāĻ˛āĻžāĻ‡āĻ¨ āĻ¯āĻžāĻ‡ āĻĨāĻžāĻ•ā§āĻ¨ āĻ¨āĻž āĻ•ā§‡āĻ¨ āĻ†āĻĒāĻ¨āĻžāĻ•ā§‡ āĻĒā§œāĻ¤ā§‡ āĻĻā§‡ā§ŸāĨ¤
āĻ˛ā§āĻ¯āĻžāĻĒāĻŸāĻĒ āĻ“ āĻ•āĻŽā§āĻĒāĻŋāĻ‰āĻŸāĻžāĻ°
Google Play āĻĨā§‡āĻ•ā§‡ āĻ•ā§‡āĻ¨āĻž āĻ…āĻĄāĻŋāĻ“āĻŦā§āĻ• āĻ†āĻĒāĻ¨āĻŋ āĻ•āĻŽā§āĻĒāĻŋāĻ‰āĻŸāĻžāĻ°ā§‡āĻ° āĻ“ā§Ÿā§‡āĻŦ āĻŦā§āĻ°āĻžāĻ‰āĻœāĻžāĻ°ā§‡ āĻļā§āĻ¨āĻ¤ā§‡ āĻĒāĻžāĻ°ā§‡āĻ¨āĨ¤
eReader āĻāĻŦāĻ‚ āĻ…āĻ¨ā§āĻ¯āĻžāĻ¨ā§āĻ¯ āĻĄāĻŋāĻ­āĻžāĻ‡āĻ¸
Kobo eReaders-āĻāĻ° āĻŽāĻ¤ā§‹ e-ink āĻĄāĻŋāĻ­āĻžāĻ‡āĻ¸ā§‡ āĻĒāĻĄāĻŧāĻ¤ā§‡, āĻ†āĻĒāĻ¨āĻžāĻ•ā§‡ āĻāĻ•āĻŸāĻŋ āĻĢāĻžāĻ‡āĻ˛ āĻĄāĻžāĻ‰āĻ¨āĻ˛ā§‹āĻĄ āĻ“ āĻ†āĻĒāĻ¨āĻžāĻ° āĻĄāĻŋāĻ­āĻžāĻ‡āĻ¸ā§‡ āĻŸā§āĻ°āĻžāĻ¨ā§āĻ¸āĻĢāĻžāĻ° āĻ•āĻ°āĻ¤ā§‡ āĻšāĻŦā§‡āĨ¤ āĻŦā§āĻ¯āĻŦāĻšāĻžāĻ°āĻ•āĻžāĻ°ā§€āĻ° āĻ‰āĻĻā§āĻĻā§‡āĻļā§āĻ¯ā§‡ āĻ¤ā§ˆāĻ°āĻŋ āĻ¸āĻšāĻžā§ŸāĻ¤āĻž āĻ•ā§‡āĻ¨ā§āĻĻā§āĻ°āĻ¤ā§‡ āĻĻā§‡āĻ“ā§ŸāĻž āĻ¨āĻŋāĻ°ā§āĻĻā§‡āĻļāĻžāĻŦāĻ˛ā§€ āĻ…āĻ¨ā§āĻ¸āĻ°āĻŖ āĻ•āĻ°ā§‡ āĻ¯ā§‡āĻ¸āĻŦ eReader-āĻ āĻĢāĻžāĻ‡āĻ˛ āĻĒāĻĄāĻŧāĻž āĻ¯āĻžāĻŦā§‡ āĻ¸ā§‡āĻ–āĻžāĻ¨ā§‡ āĻŸā§āĻ°āĻžāĻ¨ā§āĻ¸āĻĢāĻžāĻ° āĻ•āĻ°ā§āĻ¨āĨ¤
āĻŦā§‡āĻ†āĻ‡āĻ¨āĻŋ āĻ•āĻ¨ā§āĻŸā§‡āĻ¨ā§āĻŸ āĻ¸āĻŽā§āĻĒāĻ°ā§āĻ•ā§‡ āĻ…āĻ­āĻŋāĻ¯ā§‹āĻ— āĻœāĻžāĻ¨āĻžāĻ¨

Xinming Ou āĻāĻ° āĻĨā§‡āĻ•ā§‡ āĻ†āĻ°ā§‹

Automated Security Management
Ehab Al-Shaer
Computers en technologie
ā§Ģā§Ē.ā§Ēā§¯â‚Ŧā§Šā§Ž.ā§§ā§Ēâ‚Ŧ

āĻāĻ•āĻ‡ āĻ§āĻ°āĻ¨ā§‡āĻ° āĻ‡-āĻŦā§āĻ•

Data Warehousing and Data Mining Techniques for Cyber Security
Anoop Singhal
āĻŦāĻ‡ 31â€ĸComputers en technologie
ā§¯ā§Ž.ā§Ļā§¯â‚Ŧā§Ŧā§Ž.ā§Ŧā§Ŧâ‚Ŧ
Algorithms: Edition 4
Robert Sedgewick
Computers en technologie
ā§Ŧā§­.ā§Ģā§­â‚Ŧā§Ēā§Ž.ā§§ā§¨â‚Ŧ
Just Enough Software Architecture: A Risk-Driven Approach
George Fairbanks
Computers en technologie
ā§§ā§Ļ.ā§Ļā§Žâ‚Ŧ
Network Security Metrics
Lingyu Wang
Computers en technologie
ā§¯ā§Ž.ā§Ļā§¯â‚Ŧā§Ŧā§Ž.ā§Ŧā§Ŧâ‚Ŧ