Security metrics are usually defined informally, which makes rigorous analysis of these metrics a hard task. Such analysis is required to identify the relations between security metrics, all of which try to quantify the same quality: security. Risk, computed as Annualised Loss Expectancy, is often used to give an overall assessment of security as a whole. Risk and security metrics are usually defined separately, and the relation between these indicators has not been considered thoroughly. In this work we fill this gap by providing a formal definition of risk and a formal analysis of the relations between security metrics and risk.