{"title":"Security risk metrics: fusing enterprise objectives and vulnerabilities","authors":"K. Clark, J. Dawkins, John Hale","doi":"10.1109/IAW.2005.1495978","DOIUrl":null,"url":null,"abstract":"Automated scanners are unable to generate the information required to properly assess a network's risk. Although scanners may identify high risk exposures, they fail to determine how those exposures affect an organization's objectives. Such an assessment requires an auditor to identify the objectives and their relationship to network hosts. Mission trees allow security auditors to map relationships between an organization's objectives and its assets. Synthesizing this data with a vulnerability scanner lends itself to creating meaningful enterprise security metrics.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":"{\"title\":\"Security risk metrics: fusing enterprise objectives and vulnerabilities\",\"authors\":\"K. Clark, J. Dawkins, John Hale\",\"doi\":\"10.1109/IAW.2005.1495978\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Automated scanners are unable to generate the information required to properly assess a network's risk. Although scanners may identify high risk exposures, they fail to determine how those exposures affect an organization's objectives. Such an assessment requires an auditor to identify the objectives and their relationship to network hosts. Mission trees allow security auditors to map relationships between an organization's objectives and its assets. 
Synthesizing this data with a vulnerability scanner lends itself to creating meaningful enterprise security metrics.\",\"PeriodicalId\":252208,\"journal\":{\"name\":\"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop\",\"volume\":\"27 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-06-15\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"15\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IAW.2005.1495978\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IAW.2005.1495978","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security risk metrics: fusing enterprise objectives and vulnerabilities
Automated scanners are unable to generate the information required to properly assess a network's risk. Although scanners may identify high risk exposures, they fail to determine how those exposures affect an organization's objectives. Such an assessment requires an auditor to identify the objectives and their relationship to network hosts. Mission trees allow security auditors to map relationships between an organization's objectives and its assets. Synthesizing this data with a vulnerability scanner lends itself to creating meaningful enterprise security metrics.