Security Engineering: A Guide to Building Dependable Distributed Systems
Security Engineering: A Guide to Building Dependable Distributed Systems
Handbook of Information Security Management 1999
Handbook of Information Security Management 1999
The CISSP Prep Guide: Mastering the Ten Domains of Computer Security
The CISSP Prep Guide: Mastering the Ten Domains of Computer Security
Soft constraint programming to analysing security protocols
Theory and Practice of Logic Programming
Defense trees for economic evaluation of security investments
ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
A protocol's life after attacks...
Proceedings of the 11th international conference on Security Protocols
SP 800-30. Risk Management Guide for Information Technology Systems
SP 800-30. Risk Management Guide for Information Technology Systems
FlowRank: ranking NetFlow records
Proceedings of the 6th International Wireless Communications and Mobile Computing Conference
Hi-index | 0.00 |
Risk analysis has recently emerged as a structured and precise methodology to help modern companies understand their risks and plan the relative countermeasures well in advance. It is based on a number of indicators: parameters that quantify the key concepts on which an enterprise designs its security and safety investments. A modificator is a function that further modifies an existing indicator, and is itself an indicator. It is argued here that Risk Analysis can dramatically benefit from three novel modificators. One, the Exposure Factor during Critical Time (EFCT), expresses the percentage of loss or damage that an attack can infer to a time-critical asset. Another one, the Exposure Factor under Retaliation (EFR), formalises the mitigation to the loss or damage that an attack can infer to an asset when that loss or damage can be retaliated back onto the attacker. The third one, the Mitigated Risk against Collusion (MRC), formalises how a security measure can be effective against a single attacker but not necessarily against a large team of attackers working collaboratively for the same target. Our simulated results firmly support the benefits of such augmented Risk Analysis confirming the novel insights it can provide.