{"title":"“安全差距”作为企业业务流程的衡量标准","authors":"Preetam Mukherjee, A. Sengupta, C. Mazumdar","doi":"10.1002/spy2.263","DOIUrl":null,"url":null,"abstract":"Security is becoming an indispensable factor for the well‐being of an enterprise. Enterprises are making huge investments to fulfill the demand for security. A big challenge faced by an enterprise while securing itself is to find the gap between the demand for security and the actual security status. Finding out a consistent metric for measuring this gap can enable security administrators to utilize the allocated funds more appropriately. Popular control gap analysis methods practiced in enterprises are mostly subjective in nature and results in imprecise measurements. To address this issue, a novel security metric “Security Gap” is introduced in this paper. This metric finds out the business process‐level insecurity from the security requirements and the estimated security. The methodology uses business process modeling, attack graph modeling, and relevant base metrics to compute Security Gap.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":" ","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2022-09-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"“Security Gap” as a metric for enterprise business processes\",\"authors\":\"Preetam Mukherjee, A. Sengupta, C. Mazumdar\",\"doi\":\"10.1002/spy2.263\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security is becoming an indispensable factor for the well‐being of an enterprise. Enterprises are making huge investments to fulfill the demand for security. A big challenge faced by an enterprise while securing itself is to find the gap between the demand for security and the actual security status. Finding out a consistent metric for measuring this gap can enable security administrators to utilize the allocated funds more appropriately. Popular control gap analysis methods practiced in enterprises are mostly subjective in nature and results in imprecise measurements. To address this issue, a novel security metric “Security Gap” is introduced in this paper. This metric finds out the business process‐level insecurity from the security requirements and the estimated security. The methodology uses business process modeling, attack graph modeling, and relevant base metrics to compute Security Gap.\",\"PeriodicalId\":29939,\"journal\":{\"name\":\"Security and Privacy\",\"volume\":\" \",\"pages\":\"\"},\"PeriodicalIF\":1.5000,\"publicationDate\":\"2022-09-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1002/spy2.263\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1002/spy2.263","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
“Security Gap” as a metric for enterprise business processes
Security is becoming an indispensable factor for the well‐being of an enterprise. Enterprises are making huge investments to fulfill the demand for security. A big challenge faced by an enterprise while securing itself is to find the gap between the demand for security and the actual security status. Finding out a consistent metric for measuring this gap can enable security administrators to utilize the allocated funds more appropriately. Popular control gap analysis methods practiced in enterprises are mostly subjective in nature and results in imprecise measurements. To address this issue, a novel security metric “Security Gap” is introduced in this paper. This metric finds out the business process‐level insecurity from the security requirements and the estimated security. The methodology uses business process modeling, attack graph modeling, and relevant base metrics to compute Security Gap.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
