Currently, it is difficult to answer simple questions such as "are we more secure than yesterday?" or "how should we invest our limited security resources?" Decision makers in other areas of business and engineering often use metrics to determine whether a projected return on investment justifies its costs. Spending on new cyber-security measures is such an investment. Thus, security metrics that can quantify the overall risk in an enterprise system are essential for making sensible decisions in security management.