Risk Management System Prototype based on an Extended Time-To-Compromise (TTC) Metric

Mantel, Alex

License:
Title:	Risk Management System Prototype based on an Extended Time-To-Compromise (TTC) Metric
Language:	English
Authors:	Mantel, Alex
Keywords:	IT-Sicherheit; Metriken; Time to Compromise; Modellierung; Risiko Management; Prototyp; Schwachstellenmanagement; CVE; CPE; IT-Security; Metrics; Time to Compromise; Asset Modeling; Risk Management; Prototype; Vulnerability Management; CVE; CPE
Issue Date:	20-Sep-2018
Abstract:	Goal of this work was the creation of a risk management system, with the use of β-Time-To- Compromise metric (Andrej Zieger (2018)) and an advisory datbase. During the process from requirements analysis till the end of the iplementation we aim to support a risk management process (Stoneburner u. a. (2002)). A system is rated by a persistent model, not as common by a impersistent vulnerabiliy scan. This work is relevant for security managers, risk managers and critical emergency response teams. Ziel dieser Arbeit war es ein Riskomanagementsystem zu entwickeln, welches sich der Metrik β-Time-To-Compromise (Andrej Zieger (2018)) und einer Advisory Datenbank bedient. Von der Auflistung der Anforderungen bis hin zur Implementation wurde ein Riskomanagement Prozess begleitet (Stoneburner u. a. (2002)). Ein System soll demnach für eine Bewertung persistent modelliert werden und nicht, wie es bisher üblich ist, aus flüchtigen Schwachstellenscans. Die Arbeit hat den Anspruch für Sicherheitsbeauftragte, Riskomanager und Critical Emergency Response Teams interessant zu sein.
URI:	http://hdl.handle.net/20.500.12738/8451
Institute:	Department Informatik
Type:	Thesis
Thesis type:	Bachelor Thesis
Advisor:	Kossakowski, Klaus-Peter
Referee:	Sarstedt, Stefan
Appears in Collections:	Theses