
Techniques for Security Risk Analysis of Enterprise Networks

Summary

Enterprise networks have become essential to the operation of companies, laboratories, universities, and government agencies. As they continue to grow in both size and complexity, their security has become a critical concern. Vulnerabilities are regularly discovered in software applications and are exploited to stage cyber attacks. There is no objective way to measure the security of an enterprise network. As a result, it is difficult to answer such objective questions as "are we more secure than yesterday" or "how should we invest our limited resources to improve security" or "how does this vulnerability impact the overall security of my system". By increasing security spending, an organization can decrease the risk associated with security breaches. However, to do this tradeoff analysis, there is a need for quantitative models of security instead of the current qualitative models. The objective of our research is to develop models and metrics that can be used to objectively assess the security of an enterprise network.

Description

For more information regarding the Techniques for Security Risk Analysis of Enterprise Networks (Renamed: Measuring Security Risk in Enterprise Networks), please visit the Computer Security Resource Center (CSRC).

Created June 24, 2009, Updated March 19, 2018