Quantitative Security Risk Assessment of Enterprise Networks

Protection of enterprise networks from malicious intrusions is critical to the economy and security of our nation. This article gives an overview of the techniques and challenges for security risk analysis of enterprise networks. A standard model for secu



Xinming Ou · Anoop Singhal

Quantitative Security Risk Assessment of Enterprise Networks

SpringerBriefs in Computer Science

Series Editors: Stan Zdonik, Peng Ning, Shashi Shekhar, Jonathan Katz, Xindong Wu, Lakhmi C. Jain, David Padua, Xuemin Shen, Borko Furht

For further volumes: http://www.springer.com/series/10028

Xinming Ou, Computing and Information Sciences, Kansas State University, Manhattan, Kansas, USA

Anoop Singhal, Computer Security Division, National Institute of Standards and Technology (NIST), Gaithersburg, Maryland, USA

ISSN 2191-5768, e-ISSN 2191-5776
ISBN 978-1-4614-1859-7, e-ISBN 978-1-4614-1860-3
DOI 10.1007/978-1-4614-1860-3
Springer New York Dordrecht Heidelberg London
Library of Congress Control Number: 2011941356

© The Author(s) 2012. All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, LLC, 233 Spring Street, New York, NY 10013, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

Printed on acid-free paper. Springer is part of Springer Science+Business Media (www.springer.com)

If you cannot measure it, you cannot improve it. — Lord Kelvin

Preface

At present, enterprise networks constitute the core component of information technology infrastructures in areas such as power grids, financial data systems and emergency communication systems. Protection of these networks from malicious intrusions is critical to the economy and national security. To improve the security of these information systems, it is necessary to measure the amount of security provided by different network configurations. The objective of this book is to give an overview of the techniques and challenges for security risk analysis of computer networks. A standard model for security analysis will enable us to answer questions such as “are we more secure than yesterday?” or “how does the security of one network configuration compare with another?”. Also, having a standard model to measure network security will bring together users, vendors and researchers to evaluate methodologies and products for network security. An essential type of security risk analysis is to determine the level of compromise possible for important hosts in a network from a given starting location. This is a complex task, as it depends on the network topology, on the security policy in the network as determined by the placement of firewalls, routers and switches, and on vulnerabilities in