Professional Documents
Culture Documents
Questions:
-
Vulnerability
Countermeasure
Breach Impact
Compliance
Analyzing these key factors, four prime terms on which ASR depends emerge.
The four key terms are breach cost (Bc), vulnerability density (Vd),
countermeasure efficiency (Ce) and compliance index (CI).
CI is the ratio of a number of compliance requirements met to a total number of
compliance requirements in the application.
Vd is the ratio of number of vulnerabilities to the size of software.
Ce is the measure of implementation efficiency of countermeasures.
Based on application security key terms, a model for ASR has been designed
(ASRM).
LA FIGURA 1 no la alcanzo a ver bien!
For this model, Breach cost (Bc), Vulnerability density (Vd) and CI (Compliance
Index) are the inputs. The ASR metric is the output.
Classification of Applications
Breach Cost Estimation
Vulnerability Density
Countermeasure Efficiency
Compliance Index
ASRM Formulation
1.Classification of Applications
Every application has a unique role. Not all applications offer the same level of
risk. Therefore, the classification of applications is important. This aids in
determining the risk level offered by applications.
Applications are classified into five groups, listed from highest level of risk to
lowest level of risk: critical A1, important A2, strategic A3, internal function
support A4 and general function support applications A5.
thwart
assess
hence
unaware
aims
straightforward to
assess
for
instance
likelihood
frustrar
evaluar
por lo tanto
inconsciente
objetivos
sencillo para evaluar
por ejemplo
probabilidad
Densidad de la
Vulnerability Density vulnerabilidad
Countermeasure
Efficiency
Eficiencia contramedida
Breach Impact
Breach Impacto
Breach
Cost
Costo incumplimiento
Compliance Index
ndice de cumplimiento
this aids in
esto ayuda en la
determining
determinacin de
Halt
Detener
liability
responsabilidad
Cater
Abastecer
allotment
asignacin