Vulnerability Pair


The experts below are selected from a list of 18 experts worldwide, ranked by the ideXlab platform.

Mridul Sankar Barik - One of the best experts on this subject based on the ideXlab platform.

  • A two-phase quantitative methodology for enterprise information security risk analysis
    Proceedings of the CUBE International Information Technology Conference on, 2012
    Co-Authors: Jaya Bhattacharjee, Anirban Sengupta, Chandan Mazumdar, Mridul Sankar Barik
    Abstract:

    As enterprise information infrastructure becomes more complex and more connected, the amount of risk to enterprise assets increases. Hence, the process of identifying, analysing, and mitigating information security risks has assumed utmost importance. This paper presents a quantitative information security risk analysis methodology for enterprises. The proposed methodology incorporates two approaches. The consolidated approach identifies risk as a single value for each asset. The detailed approach identifies the threat-vulnerability pair responsible for a risk and computes a risk factor corresponding to each security property for every asset. The assets are classified into three risk zones, namely high, medium, and low. For high-risk assets, management may install high-cost infrastructure to safeguard the asset; for medium-risk assets, management may apply security policies, guidelines, and procedures; for low-risk assets, management may decide not to invest anything.

  • CUBE - A two-phase quantitative methodology for enterprise information security risk analysis
    Proceedings of the CUBE International Information Technology Conference on - CUBE '12, 2012
    Co-Authors: Jaya Bhattacharjee, Anirban Sengupta, Chandan Mazumdar, Mridul Sankar Barik

R G Shilpa - One of the best experts on this subject based on the ideXlab platform.

  • Vulnerability coverage criteria for security testing of web applications
    Advances in Computing and Communications, 2018
    Co-Authors: Pvr Murthy, R G Shilpa
    Abstract:

    Security and penetration testing tasks for web applications are important because they enable detection of vulnerabilities that attackers may exploit. Existing security coverage criteria, or test adequacy criteria, do not have a systematic basis. An attempt is made to define test adequacy criteria for web applications by abstracting a functional test as a sequence of events and mapping events to vulnerabilities, as a basis for the design of security or penetration tests. Tests are designed primarily from the functional specifications of a web application; however, information about potential vulnerabilities at events may be gathered from different relevant sources, including vulnerable regions of application code. A few interesting and effective security test adequacy criteria, such as Vulnerability-length-1, Vulnerability-length-n, and Vulnerability pair-wise coverage, are proposed as a basis for security test design or automatic test generation from models such as finite-state machines. The concepts are applied to a web application in the banking domain for demonstration purposes.

  • ICACCI - Vulnerability Coverage Criteria for Security Testing of Web Applications
    2018 International Conference on Advances in Computing Communications and Informatics (ICACCI), 2018
    Co-Authors: Pvr Murthy, R G Shilpa

Jaya Bhattacharjee - One of the best experts on this subject based on the ideXlab platform.

  • A two-phase quantitative methodology for enterprise information security risk analysis
    Proceedings of the CUBE International Information Technology Conference on, 2012
    Co-Authors: Jaya Bhattacharjee, Anirban Sengupta, Chandan Mazumdar, Mridul Sankar Barik

  • CUBE - A two-phase quantitative methodology for enterprise information security risk analysis
    Proceedings of the CUBE International Information Technology Conference on - CUBE '12, 2012
    Co-Authors: Jaya Bhattacharjee, Anirban Sengupta, Chandan Mazumdar, Mridul Sankar Barik

Pvr Murthy - One of the best experts on this subject based on the ideXlab platform.

  • Vulnerability coverage criteria for security testing of web applications
    Advances in Computing and Communications, 2018
    Co-Authors: Pvr Murthy, R G Shilpa

  • ICACCI - Vulnerability Coverage Criteria for Security Testing of Web Applications
    2018 International Conference on Advances in Computing Communications and Informatics (ICACCI), 2018
    Co-Authors: Pvr Murthy, R G Shilpa

Anirban Sengupta - One of the best experts on this subject based on the ideXlab platform.

  • A two-phase quantitative methodology for enterprise information security risk analysis
    Proceedings of the CUBE International Information Technology Conference on, 2012
    Co-Authors: Jaya Bhattacharjee, Anirban Sengupta, Chandan Mazumdar, Mridul Sankar Barik

  • CUBE - A two-phase quantitative methodology for enterprise information security risk analysis
    Proceedings of the CUBE International Information Technology Conference on - CUBE '12, 2012
    Co-Authors: Jaya Bhattacharjee, Anirban Sengupta, Chandan Mazumdar, Mridul Sankar Barik