A quantitative evaluation of vulnerability scanning

Holm, Hannes; Sommestad, Teodor; Almroth, Jonas; Persson, Mats

doi:10.1108/09685221111173058

Cited by 57 publications

(25 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…All three tools described above use the vulnerability scanner Nessus to collect these data. However, a recent accuracy test shows that Nessus misses more than half of the vulnerabilities when given access credentials to the hosts in a network and four out of five vulnerabilities when credentials are not given [28]. Thus, the automated scans on which the three tools rely are not reliable when individual vulnerabilities must be detected.…”

Section: Structured Methods For Security Assessmentmentioning

confidence: 99%

The Cyber Security Modeling Language: A Tool for Assessing the Vulnerability of Enterprise System Architectures

Sommestad

Ekstedt

Holm

2013

IEEE Systems Journal

Self Cite

133

View full text Add to dashboard Cite

Section: Structured Methods For Security Assessmentmentioning

confidence: 99%

The Cyber Security Modeling Language: A Tool for Assessing the Vulnerability of Enterprise System Architectures

Sommestad

Ekstedt

Holm

2013

IEEE Systems Journal

Self Cite

133

View full text Add to dashboard Cite

“…all the information regarding vulnerabilities that CySeMoL requires. Regarding ii), the scanning accuracy in terms of assessing vulnerabilities is studied in [5]. The accuracy in terms of assessing software, operating systems and such is something that will be examined in future works.…”

Section: Discussion and Future Workmentioning

confidence: 99%

“…Conforms to The vulnerability scanner NeXpose was chosen in this project as it has demonstrated good results in previous tests [5]. NeXpose [8] is an active (i.e.…”

Section: Conforms Tomentioning

confidence: 99%

A Tool for Automatic Enterprise Architecture Modeling

Buschle

Holm

Sommestad

et al. 2012

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Enterprise architecture is an approach which aim to provide decision support based on organization-wide models. The creation of these models is however cumbersome as multiple aspects of an organization need to be considered. The Enterprise Architecture approach would be signi cantly less demanding if data used to create the models could be collected automatically. This paper illustrates how a vulnerability scanner can be utilized for data collection in order to automatically create enterprise architecture models. We show how this approach can be realized by extending an earlier presented Enterprise Architecture tool. An example is provided through a case study applying the tool on a real network.

show abstract

“…The builder receives the effective vulnerabilities of S through the output of a vulnerability scanning of each node of S [26]. The assessment can extend the vulnerabilities the scanning return by specifying potential vulnerabilities and/or those of the users.…”

Section: Modeling An Ict Systemmentioning

confidence: 99%

Assessing and managing the information and communication risk of power generation

Baiardi

Tonelli

Guidi

et al. 2015

Computers & Electrical Engineering

View full text Add to dashboard Cite

Keywords:Risk assessment Metric Intelligent agent Model based assessment Monte Carlo method Industrial control system a b s t r a c t We describe a model-based assessment of information and communication technology (ICT) risk that produces statistical samples by simulating the attacks of intelligent agents. To support this assessment, we have developed an integrated set of tools, the Haruspex suite. Some of its tools build the models of the target system and those of the agents that other tools apply to simulate the agent attacks. Further tools analyze the output of the simulation. After outlining the proposed approach and the suite, we describe the assessments of two industrial control systems that supervise, respectively, a thermoelectric generation plan and a hydroelectric one. To simplify the presentation of the output of these assessments, we introduce the security stress, a synthetic measure of how a system resists to attacks.

show abstract

A quantitative evaluation of vulnerability scanning

Cited by 57 publications

References 25 publications

The Cyber Security Modeling Language: A Tool for Assessing the Vulnerability of Enterprise System Architectures

The Cyber Security Modeling Language: A Tool for Assessing the Vulnerability of Enterprise System Architectures

A Tool for Automatic Enterprise Architecture Modeling

Assessing and managing the information and communication risk of power generation

Contact Info

Product

Resources

About