riskanalysis
Differences
This shows you the differences between two versions of the page.
riskanalysis [2017/10/23 19:37] – [Factors of risk] lallodi | riskanalysis [2021/01/10 21:04] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Cyber-Risk Analysis and Quantification ====== | ====== Cyber-Risk Analysis and Quantification ====== | ||
+ | This research line at TU/e SEC is led by [[http:// | ||
===== Vulnerability remediation ===== | ===== Vulnerability remediation ===== | ||
Line 10: | Line 11: | ||
- introduce new vulnerabilities. | - introduce new vulnerabilities. | ||
- | The IT response to that is, in general: “any severe-enough vulnerability must be fixed”. The industry standard to measure vulnerability severity is the Common Vulnerability Scoring System (CVSS) by NIST, but this is known to be uncorrelated with actual exploits [[http:// | + | The IT response to that is, in general: “any severe-enough vulnerability must be fixed”. The industry standard to measure vulnerability severity is the Common Vulnerability Scoring System (CVSS) by NIST, but this is known to be uncorrelated with actual exploits [[http:// |
- | confounding factors [[http:// | + | confounding factors [[http:// |
This led to poor vulnerability management practices whereby vulnerability patching work is overwhelmed by the huge number of patches to install, that cannot however be straightforwardly applied because of the concerns outlined above. | This led to poor vulnerability management practices whereby vulnerability patching work is overwhelmed by the huge number of patches to install, that cannot however be straightforwardly applied because of the concerns outlined above. | ||
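Review bot: The changed sentence beginning "The IT response to that is" still attributes CVSS to NIST ("Common Vulnerability Scoring System (CVSS) by NIST") on both the old and the new side. CVSS is maintained by FIRST; NIST's NVD publishes CVSS scores for CVE entries. Suggest rewording to "the Common Vulnerability Scoring System (CVSS), maintained by FIRST, with scores published in NIST's NVD" so that readers who follow up on the standard land on the right specification. The unchanged context line after it ("that cannot however be straightforwardly applied") would also read more cleanly as "which cannot, however, be applied straightforwardly".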
Line 24: | Line 25: | ||
Cyber-attacks can be roughly classified in two categories: | Cyber-attacks can be roughly classified in two categories: | ||
- | - **Targeted cyber-attacks**: | + | - **Targeted cyber-attacks**: |
- **Untargeted cyber-attacks**: | - **Untargeted cyber-attacks**: | ||
riskanalysis.1508780256.txt.gz · Last modified: 2021/01/10 20:59 (external edit)