INVITED SPEAKERDr. Anoop Singhal, Computer Scientist at the National Institiude of Standards and Technology (NIST), Computer Security Division
Security Metrics and Risk Analysis for Enterprise Systems
Protection of enterprise systems from cyber attacks is a challenge. Vulnerabilities are regularly discovered in software systems that are exploited to launch cyber attacks. Security Analysts need objective metrics to manage the security risk of an enterprise systems. In this talk, we will give an overview of our research on security metrics and challenges for security risk analysis of enterprise systems. A standard model for security metrics will enable us to answer questions such as "are we more secure than yesterday" or "how does the security of one system compare with another?" We will present a methodology for security risk analysis that is based on the model of Attack Graphs and the Common Vulnerability Scoring System (CVSS).