Models for Security Assessment and Management

The assessment and management of security depends upon the availability of relevant information. Unfortunately, two facts jeopardize this availability: first, data regarding security events is scarce; second, obtainable data is rarely presented with the proper format and with the right level of description. We defend in this paper that for dealing with these issues, a key role is played by suitable security models. Security data is generated when observing and analysing security–relevant events. From this one gets information on vulnerabilities, threats and attacks. The problem is that security data is produced in a scattered way, at teach of the locations where security events take place. From this, it is easy to deduce that a key point is the sharing of information among the different actors. However, such collaboration implies as primary requirement a common set of models allowing a compatible representation of the data about systems, components, services, vulnerabilities, attacks and threats. On the other hand, with new security data it is necessary to update security assessments and management decisions. This can be enormously facilitated by the support of fitting models. In this paper, we focus on the many uses of models for supporting security assessment and management under the information sharing perspective. We present in detail the scenario and we analyze which are the requirements a system modeling framework needs to have in order to be really usable in the industrial ICT analysis.

NAI FOVINO Igor;  MASERA Marcelo; 

2008-01-15

ENEA

JRC32734

http://ciip.casaccia.enea.it/cnip06/index.jsp?sel=program,    https://publications.jrc.ec.europa.eu/repository/handle/JRC32734,