
Comprehensive Comparison of Security Measurement Models

