GraMSec 2017

The Fourth International Workshop on
Graphical Models for Security

Santa Barbara, CA, USA - August 21, 2017

Co-located with CSF 2017

Camera ready version for post-proceedings due on September 22



Dr. Anoop Singhal, Computer Scientist at the National Institute of Standards and Technology (NIST), Computer Security Division


Security Metrics and Risk Analysis for Enterprise Systems


Protection of enterprise systems from cyber attacks is a challenge. Vulnerabilities are regularly discovered in software systems that are exploited to launch cyber attacks. Security analysts need objective metrics to manage the security risk of an enterprise system. In this talk, we will give an overview of our research on security metrics and challenges for security risk analysis of enterprise systems. A standard model for security metrics will enable us to answer questions such as "are we more secure than yesterday?" or "how does the security of one system compare with another?" We will present a methodology for security risk analysis that is based on the model of Attack Graphs and the Common Vulnerability Scoring System (CVSS).

