A Formal Attack Centric Framework Highlighting Expected Losses of an Information Security Breach

Executive Summary

Since the earliest approaches to analyzing and assessing the information-related risk affecting an organization, the two factors from which risk is derived have been the damages or losses incurred by the organization and the probability of those risk incidents occurring. Many qualitative and quantitative models have been proposed to estimate these two factors using asset-centric and software-centric approaches. This paper proposes an attack-centric framework that considers the approaches of an attacker and the different characteristics of an attack in computing the overall impact of the attack, which can then be used to effectively calculate the overall loss incurred by the organization in the event of a successful attack.

  • Format: PDF
  • Size: 352.19 KB