Quantitative Security Risk Assessment of Enterprise Networks

  • Xinming Ou
  • Anoop Singhal

Part of the SpringerBriefs in Computer Science book series (BRIEFSCOMPUTER)

Table of contents

  1. Front Matter
    Pages i-xiii
  2. Xinming Ou, Anoop Singhal
    Pages 1-3
  3. Xinming Ou, Anoop Singhal
    Pages 5-8
  4. Xinming Ou, Anoop Singhal
    Pages 9-12
  5. Xinming Ou, Anoop Singhal
    Pages 25-28

About this book


Protection of enterprise networks from malicious intrusions is critical to the economy and security of our nation. This article gives an overview of the techniques and challenges for security risk analysis of enterprise networks. A standard model for security analysis will enable us to answer questions such as “are we more secure than yesterday” or “how does the security of one network configuration compare with another one”. In this article, we will present a methodology for quantitative security risk analysis that is based on the model of attack graphs and the Common Vulnerability Scoring System (CVSS). Our techniques analyze all the attack paths through a network that an attacker could take to reach certain goal(s).


CVSS Security metrics attack graph enterprise network security risk assessment

Authors and affiliations

  • Xinming Ou
    • 1
  • Anoop Singhal
    • 2
  1. Computing and Information Sciences, Kansas State University, Manhattan, USA
  2. Computer Security Division, National Institute of Standards and Technology (NIST), Gaithersburg, USA

Bibliographic information

  • DOI
  • Copyright Information The Author(s) 2011
  • Publisher Name Springer, New York, NY
  • eBook Packages Computer Science
  • Print ISBN 978-1-4614-1859-7
  • Online ISBN 978-1-4614-1860-3
  • Series Print ISSN 2191-5768
  • Series Online ISSN 2191-5776