Data model extension for security event notification with dynamic risk assessment purpose
暂无分享,去创建一个
Dynamic risk assessment refers to a risk management framework where frequent updates of risk evaluation information are used to evaluate risk exposure, as close as possible to real-time. In this paper, we present the incident object description exchange format extended model for dynamic risk assessment. This format attempts to overcome the absence of integration and real-time communication between security systems and risk assessment tools. Our model is based on the incident object definition exchange format, which is commonly used in the computer security incident response teams community. This data model aims to facilitate a global vision of information systems risk by supplying real-time security events data to risk assessment tools based on renowned methodologies. We present a proof-of-concept scenario to demonstrate the usefulness of this integration and the proposed data model, and discuss the expected improvements.
[1] Oscar Pastor,et al. DYNAMIC RISK ASSESSMENT IN INFORMATION SYSTEMS: STATE-OF- THE-ART , 2013 .
[2] Gilbert Moïsio,et al. Internet Engineering Task Force , 2014 .
[3] Sarah Brown,et al. Conceptual framework for cyber defense information sharing within trust relationships , 2012, 2012 4th International Conference on Cyber Conflict (CYCON 2012).
[4] Indrajit Ray,et al. Dynamic Security Risk Management Using Bayesian Attack Graphs , 2012, IEEE Transactions on Dependable and Secure Computing.