Title: Models for Security Assessment and Management
Citation: Proceedings of the Complex Network and Infrastructure Protection Workshop 2006 p. 1-12
Publisher: ENEA
Publication Year: 2006
JRC N°: JRC32734
URI: http://ciip.casaccia.enea.it/cnip06/index.jsp?sel=program
Type: Articles in periodicals and books
Abstract: The assessment and management of security depends upon the availability of relevant information. Unfortunately, two facts jeopardize this availability: first, data regarding security events is scarce; second, obtainable data is rarely presented with the proper format and with the right level of description. We defend in this paper that for dealing with these issues, a key role is played by suitable security models. Security data is generated when observing and analysing security–relevant events. From this one gets information on vulnerabilities, threats and attacks. The problem is that security data is produced in a scattered way, at teach of the locations where security events take place. From this, it is easy to deduce that a key point is the sharing of information among the different actors. However, such collaboration implies as primary requirement a common set of models allowing a compatible representation of the data about systems, components, services, vulnerabilities, attacks and threats. On the other hand, with new security data it is necessary to update security assessments and management decisions. This can be enormously facilitated by the support of fitting models. In this paper, we focus on the many uses of models for supporting security assessment and management under the information sharing perspective. We present in detail the scenario and we analyze which are the requirements a system modeling framework needs to have in order to be really usable in the industrial ICT analysis.
JRC Directorate:Space, Security and Migration

Files in This Item:
There are no files associated with this item.

Items in repository are protected by copyright, with all rights reserved, unless otherwise indicated.