Reference : Bridging two worlds: Reconciling practical risk assessment methodologies with theory ...
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/29224
Bridging two worlds: Reconciling practical risk assessment methodologies with theory of attack trees
English
Gadyatskaya, Olga mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) >]
Harpes, Carlo [> >]
Mauw, Sjouke mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
Muller, Cedric [> >]
Muller, Steve []
2016
Proc. of GraMSec
Springer
LNCS 9987
Yes
No
International
The Third International Workshop on Graphical Models for Security (GraMSec)
27-06-2016
[en] risk assessment ; attack trees ; countermeasure selection
[en] Security risk treatment often requires a complex cost-benefit analysis to be carried out in order to select countermeasures that optimally reduce risks while having minimal costs. According to ISO/IEC 27001, risk treatment relies on catalogues of countermeasures, and the analysts are expected to estimate the residual risks. At the same time, recent advancements in attack tree theory provide elegant solutions to this optimization problem. In this short paper we propose to bridge the gap between these two worlds by introducing optimal countermeasure selection problem on attack-defense trees into the TRICK security risk assessment methodology.
Interdisciplinary Centre for Security, Reliability and Trust - SnT
European Commission - EC
Researchers ; Professionals ; Students ; General public
http://hdl.handle.net/10993/29224
10.1007/978-3-319-46263-9_5
The original publication is available at http://link.springer.com/chapter/10.1007%2F978-3-319-46263-9_5
FP7 ; 318003 - TRESPASS - Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security
FnR ; FNR5809105 > Sjouke Mauw > ADT2P > Attack-Defence Trees: Theory Meets Practice > 01/07/2014 > 30/06/2017 > 2013

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Limited access
Bridging_Two_Worlds-CR.pdfAuthor postprint596.15 kBRequest a copy

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.