An Empirically Derived Loss Taxonomy Based on Publicly Known Security Incidents

Authors: Frank Innerhofer-Oberperfler, R. Breu
Venue: 2009 International Conference on Availability, Reliability and Security (ARES 2009)
Publication date: 2009-03-16
DOI: 10.1109/ARES.2009.85 (https://doi.org/10.1109/ARES.2009.85)
Citation count: 14 (Semantic Scholar record)
Abstract. In this paper we focus on the losses related to information and IT security incidents. The loss dimension, in terms of business impacts, is often treated only superficially in current standards, best practices and the research literature. The main focus often lies on the impacts on properties of information and services such as confidentiality, integrity and availability. We take a step towards filling this gap by developing a more systematic taxonomy of losses. For this purpose, publicly announced security incidents have been analysed using cause-consequence diagrams to identify different types of losses. The identified causes of incidents and the resulting types of losses have been classified using an enterprise model to distinguish different levels of abstraction. This exploratory and descriptive research yielded a) a preliminary taxonomy of losses related to security incidents, b) a validation of the enterprise model used as a frame for the analysis and c) different paths of propagation of causes of incidents.