Journal of Systems and Software
Risk assessment in practice: A real case study
Computer Communications
GARNET: A Graphical Attack Graph and Reachability Network Evaluation Tool
VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
Towards more secure systems: how to combine expert evaluations
Proceedings of the 4th international conference on Security and privacy in communication netowrks
Cybersecurity for critical infrastructures: attack and defense modeling
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Analyzing the effect of information attack on air and missile defense performance
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
Security research from a multi-disciplinary and multi-sectoral perspective
SAFECOMP'05 Proceedings of the 24th international conference on Computer Safety, Reliability, and Security
Using hidden markov models to evaluate the risks of intrusions
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Information security strategies: towards an organizational multi-strategy perspective
Journal of Intelligent Manufacturing
| Hi-index | 0.00 |
Government and industry increasingly rely on modern information systems (IS) for mission successes. But their critical IS must survive in hostile environments; thus, mission owners need systems security engineers to build systems that are secure against real-world attacks but not over-engineered against a particular one. By understanding which attacks are most likely and which risks are most serious, mission owners can make cost-effective countermeasures decisions. We describe a systems security-engineering methodology for enumerating system attacks, assessing risks, and choosing countermeasures that best mitigate the risks.