Risk assessment in practice: A real case study

Authors:
Marco Benini;Sabrina Sicari
Affiliations:
Dipartimento di Informatica e Comunicazione, Universití degli Studi dell'Insubria, IT-21100 via Mazzini 5, Varese, Italy;Dipartimento di Informatica e Comunicazione, Universití degli Studi dell'Insubria, IT-21100 via Mazzini 5, Varese, Italy
Venue:
Computer Communications
Year:
2008

Citing 15
Cited 2

Applications of qualitative modeling to knowledge-based risk assessment studies

IEA/AIE '89 Proceedings of the 2nd international conference on Industrial and engineering applications of artificial intelligence and expert systems - Volume 1
Information systems security design methods: implications for information systems development

ACM Computing Surveys (CSUR)
An insecurity flow model

NSPW '97 Proceedings of the 1997 workshop on New security paradigms
DNS and BIND

DNS and BIND
Writing Secure Code

Writing Secure Code
Software Measurement: A Necessary Scientific Basis

IEEE Transactions on Software Engineering
The coras approach for model-based risk management applied to e-commerce domain

Proceedings of the IFIP TC6/TC11 Sixth Joint Working Conference on Communications and Multimedia Security: Advanced Communications and Multimedia Security
Automated Generation and Analysis of Attack Graphs

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Managing vulnerabilities of information systems to security incidents

ICEC '03 Proceedings of the 5th international conference on Electronic commerce
The CORAS methodology: model-based risk assessment using UML and UP

UML and the unified process
Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs

ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Risk-based Systems Security Engineering: Stopping Attacks with Intention

IEEE Security and Privacy
Security Meter: A Practical Decision-Tree Model to Quantify Risk

IEEE Security and Privacy
Risky trust: risk-based analysis of software systems

SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Assessing the risk of intercepting VoIP calls

Computer Networks: The International Journal of Computer and Telecommunications Networking

Relationships between information security metrics: an empirical study

Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
A stochastic model of attack process for the evaluation of security metrics

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.25

Visualization

Abstract

The aim of this work is to evaluate the risk of an external attack to the network of our Department in the University. Thus, this work wants to complement the results in [M. Benini, S. Sicari, A mathematical framework for risk assessment, in: H. Labiod, M. Badra (Eds.), New Technologies, Mobility and Security, Signals and Communication, Springer-Verlag, May 2007, pp. 459-469] where a mathematical framework justifying our risk assessment method has been presented. Hence, this article describes a detailed account of our experience where the instruments, the techniques and the results are described and evaluated.