一种基于本体和贝叶斯的威胁概率确定方法

Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ... Pub Date : 2011-03-22 DOI:10.1145/1966913.1966958

Stefan Fenz

{"title":"一种基于本体和贝叶斯的威胁概率确定方法","authors":"Stefan Fenz","doi":"10.1145/1966913.1966958","DOIUrl":null,"url":null,"abstract":"Information security risk management is crucial for ensuring long-term business success and thus numerous approaches to implementing an adequate information security risk management strategy have been proposed. The subjective threat probability determination is one of the main reasons for an inadequate information security strategy endangering the organization in performing its mission. To address the problem we developed an ontology- and Bayesian-based approach to determine threat probabilities taking general information security knowledge and organization-specific knowledge about existing control implementations and attacker profiles into account. The elaborated concepts enable risk managers to comprehensibly quantify by the Bayesian threat probability determination the current security status of their organization.","PeriodicalId":72308,"journal":{"name":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2011-03-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"11","resultStr":"{\"title\":\"An ontology- and Bayesian-based approach for determining threat probabilities\",\"authors\":\"Stefan Fenz\",\"doi\":\"10.1145/1966913.1966958\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Information security risk management is crucial for ensuring long-term business success and thus numerous approaches to implementing an adequate information security risk management strategy have been proposed. The subjective threat probability determination is one of the main reasons for an inadequate information security strategy endangering the organization in performing its mission. To address the problem we developed an ontology- and Bayesian-based approach to determine threat probabilities taking general information security knowledge and organization-specific knowledge about existing control implementations and attacker profiles into account. The elaborated concepts enable risk managers to comprehensibly quantify by the Bayesian threat probability determination the current security status of their organization.\",\"PeriodicalId\":72308,\"journal\":{\"name\":\"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-03-22\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"11\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/1966913.1966958\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1966913.1966958","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 11

摘要

信息安全风险管理对于确保长期业务成功至关重要，因此已经提出了许多实现适当信息安全风险管理策略的方法。主观的威胁概率确定是信息安全策略不完善危及组织执行其任务的主要原因之一。为了解决这个问题，我们开发了一种基于本体和贝叶斯的方法来确定威胁概率，该方法考虑了关于现有控制实现和攻击者配置文件的一般信息安全知识和组织特定知识。详细阐述的概念使风险管理者能够通过贝叶斯威胁概率确定其组织的当前安全状态，从而全面量化。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

An ontology- and Bayesian-based approach for determining threat probabilities

Information security risk management is crucial for ensuring long-term business success and thus numerous approaches to implementing an adequate information security risk management strategy have been proposed. The subjective threat probability determination is one of the main reasons for an inadequate information security strategy endangering the organization in performing its mission. To address the problem we developed an ontology- and Bayesian-based approach to determine threat probabilities taking general information security knowledge and organization-specific knowledge about existing control implementations and attacker profiles into account. The elaborated concepts enable risk managers to comprehensibly quantify by the Bayesian threat probability determination the current security status of their organization.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...

自引率

0.00%

发文量