EVMAT: an OVAL and NVD based enterprise vulnerability modeling and assessment tool
Proceedings of the 49th Annual Southeast Regional Conference
A multi-layer tree model for enterprise vulnerability management
Proceedings of the 2011 conference on Information technology education
A risk assessment model for enterprise network security
ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
| Hi-index | 0.00 |
A formal model of security requirements for enterprise information technology protection is developed. The model is based on set theory and represented using an Entity-Relationship diagram. Components of the model include high level business objectives and their criticality, business requirements and their utilization, resources and their characterization as protector or protected resources, controls and their effectiveness, threats, vulnerabilities, potential exploits, and the resulting impact. An example representation of a formal relationship is provided. The model provides a canonical representation of enterprise security, enables automation and hence rigorous analysis of the security cost and effectiveness, provides for completeness and consistency checking, and offers a means for what-if as well as comparative analysis of security readiness.