Please use this identifier to cite or link to this item:
Title: A Quantitative CVSS-Based Cyber Security Risk Assessment Methodology For IT Systems
Authors: Aksu, M. Uğur
Dilek, M. Hadi
Tatli, E. Islam
Bıçakcı, Kemal
Dirik, H. İbrahim
Demirezen, M. Umut
Aykir, Tayfun
Keywords: attack graphs
cyber security risks
risk assessment
risk metrics
vulnerability management
Issue Date: 2017
Publisher: IEEE
Source: Aksu, M. U., Dilek, M. H., Tatlı, E. İ., Bicakci, K., Dirik, H. İ., Demirezen, M. U., & Aykır, T. (2017, October). A quantitative CVSS-based cyber security risk assessment methodology for IT systems. In 2017 International Carnahan Conference on Security Technology (ICCST) (pp. 1-8). IEEE.
Abstract: IT system risk assessments are indispensable due to increasing cyber threats within our ever-growing IT systems. Moreover, laws and regulations urge organizations to conduct risk assessments regularly. Even though there exist several risk management frameworks and methodologies, they are in general high level, not defining the risk metrics, risk metrics values and the detailed risk assessment formulas for different risk views. To address this need, we define a novel risk assessment methodology specific to IT systems. Our model is quantitative, both asset and vulnerability centric and defines low and high level risk metrics. High level risk metrics are defined in two general categories; base and attack graph-based. In our paper, we provide a detailed explanation of formulations in each category and make our implemented software publicly available for those who are interested in applying the proposed methodology to their IT systems.
Description: International Carnahan Conference on Security Technology(2017 : Madrid; Spain)
ISBN: 978-1-5386-1585-0
ISSN: 1071-6572
Appears in Collections:Bilgisayar Mühendisliği Bölümü / Department of Computer Engineering
Scopus İndeksli Yayınlar Koleksiyonu / Scopus Indexed Publications Collection
WoS İndeksli Yayınlar Koleksiyonu / WoS Indexed Publications Collection

Show full item record

CORE Recommender


checked on Sep 23, 2022

Page view(s)

checked on Dec 26, 2022

Google ScholarTM



Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.