Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.11851/1948
Full metadata record
DC FieldValueLanguage
dc.contributor.authorAksu, M. Uğur-
dc.contributor.authorDilek, M. Hadi-
dc.contributor.authorTatli, E. Islam-
dc.contributor.authorBıçakcı, Kemal-
dc.contributor.authorDirik, H. İbrahim-
dc.contributor.authorDemirezen, M. Umut-
dc.contributor.authorAykir, Tayfun-
dc.date.accessioned2019-07-10T14:42:41Z
dc.date.available2019-07-10T14:42:41Z
dc.date.issued2017
dc.identifier.citationAksu, M. U., Dilek, M. H., Tatlı, E. İ., Bicakci, K., Dirik, H. İ., Demirezen, M. U., & Aykır, T. (2017, October). A quantitative CVSS-based cyber security risk assessment methodology for IT systems. In 2017 International Carnahan Conference on Security Technology (ICCST) (pp. 1-8). IEEE.en_US
dc.identifier.isbn978-1-5386-1585-0
dc.identifier.issn1071-6572
dc.identifier.urihttps://ieeexplore.ieee.org/document/8167819-
dc.identifier.urihttps://hdl.handle.net/20.500.11851/1948-
dc.descriptionInternational Carnahan Conference on Security Technology(2017 : Madrid; Spain)
dc.description.abstractIT system risk assessments are indispensable due to increasing cyber threats within our ever-growing IT systems. Moreover, laws and regulations urge organizations to conduct risk assessments regularly. Even though there exist several risk management frameworks and methodologies, they are in general high level, not defining the risk metrics, risk metrics values and the detailed risk assessment formulas for different risk views. To address this need, we define a novel risk assessment methodology specific to IT systems. Our model is quantitative, both asset and vulnerability centric and defines low and high level risk metrics. High level risk metrics are defined in two general categories; base and attack graph-based. In our paper, we provide a detailed explanation of formulations in each category and make our implemented software publicly available for those who are interested in applying the proposed methodology to their IT systems.en_US
dc.description.sponsorshipThis work was supported by The Scientific and Technological Research Council of Turkey (TÜBİTAK), TEYDEB 1501, Grant No: 3160047.
dc.language.isoenen_US
dc.publisherIEEEen_US
dc.relation.ispartofProceedings - International Carnahan Conference on Security Technologyen_US
dc.rightsinfo:eu-repo/semantics/closedAccessen_US
dc.subjectattack graphsen_US
dc.subjectcyber security risksen_US
dc.subjectrisk assessmenten_US
dc.subjectrisk metricsen_US
dc.subjectvulnerability managementen_US
dc.titleA Quantitative CVSS-Based Cyber Security Risk Assessment Methodology For IT Systemsen_US
dc.typeConference Objecten_US
dc.departmentFaculties, Faculty of Engineering, Department of Computer Engineeringen_US
dc.departmentFakülteler, Mühendislik Fakültesi, Bilgisayar Mühendisliği Bölümütr_TR
dc.relation.tubitakinfo:eu-repo/grantAgreement/TÜBİTAK/TEYDEB/3160047en_US
dc.authorid0000-0002-9045-4238-
dc.identifier.wosWOS:000424779200030en_US
dc.identifier.scopus2-s2.0-85042294127en_US
dc.institutionauthorBıçakçı, Kemal-
dc.identifier.doi10.1109/CCST.2017.8167819-
dc.authorscopusid6603355557-
dc.relation.publicationcategoryKonferans Öğesi - Uluslararası - Kurum Öğretim Elemanıen_US
dc.identifier.scopusquality--
item.openairecristypehttp://purl.org/coar/resource_type/c_18cf-
item.grantfulltextnone-
item.fulltextNo Fulltext-
item.openairetypeConference Object-
item.cerifentitytypePublications-
item.languageiso639-1en-
crisitem.author.dept02.3. Department of Computer Engineering-
Appears in Collections:Bilgisayar Mühendisliği Bölümü / Department of Computer Engineering
Scopus İndeksli Yayınlar Koleksiyonu / Scopus Indexed Publications Collection
WoS İndeksli Yayınlar Koleksiyonu / WoS Indexed Publications Collection
Show simple item record



CORE Recommender

SCOPUSTM   
Citations

22
checked on Mar 23, 2024

WEB OF SCIENCETM
Citations

30
checked on Jan 20, 2024

Page view(s)

38
checked on Mar 25, 2024

Google ScholarTM

Check




Altmetric


Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.