Security Risk Analysis of Enterprise Networks Using Probabilistic Atttack Graphs: Nistir 7788

NISTIR 7788 August 2011

Today's information systems face sophisticated attackers who combine multiple vulnerabilities to penetrate networks with devastating impact. The overall security of an enterprise network cannot be determined by simply counting the number of vulnerabilities. To more accurately assess the security of enterprise systems, one must understand how vulnerabilities can be combined and exploited to stage an attack. Composition of vulnerabilities can be modeled using probabilistic attack graphs, which show all paths of attacks that allow incremental network penetration. Attack likelihoods are propagated through the attack graph, yielding a novel way to measure the security risk of enterprise systems. This metric for risk mitigation analysis is used to maximize the security of enterprise systems. This methodology based on probabilistic attack graphs can be used to evaluate and strengthen the overall security of enterprise networks.

Why buy a book you can download for free?

First you gotta find it and make sure it's the latest version (not always easy). Then you gotta print it using a network printer you share with 100 other people - and its outta paper - and the toner is low (take out the toner cartridge, shake it, then put it back). If it's just 10 pages, no problem, but if it's a 250-page book, you will need to punch 3 holes in all those pages and put it in a 3-ring binder. Takes at least an hour. An engineer that's paid $75 an hour has to do this himself (who has assistant's anymore?).

If you are paid more than $10 an hour and use an ink jet printer, buying this book will save you money.

It's much more cost-effective to just order the latest version from Amazon.com

This book is published by 4th Watch Books and includes copyright material. We publish compact, tightly-bound, full-size books (8 1/2 by 11 inches), with glossy covers. 4th Watch Books is a Service Disabled Veteran-Owned Small Business (SDVOSB), and is not affiliated with the National Institute of Standards and Technology.

For more titles published by 4th Watch Books, please visit: cybah.webplus.net

A full copy of all the pertinent cybersecurity standards is available on DVD-ROM in the CyberSecurity Standards Library disc which is available at Amazon.com.

NIST SP 500-299 NIST Cloud Computing Security Reference Architecture

NIST SP 500-291 NIST Cloud Computing Standards Roadmap Version 2

NIST SP 500-293 US Government Cloud Computing Technology Roadmap Volume 1 & 2

NIST SP 500-293 US Government Cloud Computing Technology Roadmap Volume 3 DRAFT