{"title":"优化网络风险缓解的投资回报率","authors":"Mohammed Noraden Alsaleh, G. Husari, E. Al-Shaer","doi":"10.1109/CNSM.2016.7818421","DOIUrl":null,"url":null,"abstract":"In this paper, we present a security analytics framework that augments host compliance reports with network configuration to assess the risk globally and devise cost-effective mitigation plans. We define metrics to measure the global enterprise risk based on network assets' vulnerabilities, their inter-dependencies, and network configurations. Our framework takes the decision burden away from administrators by automatically recommending cost-effective mitigation actions that achieve the expected return on investment (RoI). We use XCCDF, a language defined as part of the Security Content Automation Protocol (SCAP), to communicate the compliance benchmarking and scoring reports. In addition, we utilize the basic metrics defined in the standard vulnerability scoring systems, such as CVSS, to accurately assess the global risk. We formalize our proposed mitigation planning solution as a constraints satisfaction problem and we solve it using the Z3 SMT solver.","PeriodicalId":334604,"journal":{"name":"2016 12th International Conference on Network and Service Management (CNSM)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":"{\"title\":\"Optimizing the RoI of cyber risk mitigation\",\"authors\":\"Mohammed Noraden Alsaleh, G. Husari, E. Al-Shaer\",\"doi\":\"10.1109/CNSM.2016.7818421\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, we present a security analytics framework that augments host compliance reports with network configuration to assess the risk globally and devise cost-effective mitigation plans. We define metrics to measure the global enterprise risk based on network assets' vulnerabilities, their inter-dependencies, and network configurations. Our framework takes the decision burden away from administrators by automatically recommending cost-effective mitigation actions that achieve the expected return on investment (RoI). We use XCCDF, a language defined as part of the Security Content Automation Protocol (SCAP), to communicate the compliance benchmarking and scoring reports. In addition, we utilize the basic metrics defined in the standard vulnerability scoring systems, such as CVSS, to accurately assess the global risk. We formalize our proposed mitigation planning solution as a constraints satisfaction problem and we solve it using the Z3 SMT solver.\",\"PeriodicalId\":334604,\"journal\":{\"name\":\"2016 12th International Conference on Network and Service Management (CNSM)\",\"volume\":\"24 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"3\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 12th International Conference on Network and Service Management (CNSM)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CNSM.2016.7818421\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 12th International Conference on Network and Service Management (CNSM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CNSM.2016.7818421","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
In this paper, we present a security analytics framework that augments host compliance reports with network configuration to assess the risk globally and devise cost-effective mitigation plans. We define metrics to measure the global enterprise risk based on network assets' vulnerabilities, their inter-dependencies, and network configurations. Our framework takes the decision burden away from administrators by automatically recommending cost-effective mitigation actions that achieve the expected return on investment (RoI). We use XCCDF, a language defined as part of the Security Content Automation Protocol (SCAP), to communicate the compliance benchmarking and scoring reports. In addition, we utilize the basic metrics defined in the standard vulnerability scoring systems, such as CVSS, to accurately assess the global risk. We formalize our proposed mitigation planning solution as a constraints satisfaction problem and we solve it using the Z3 SMT solver.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
