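@comment{Abstract below is cut off after "security controls might" in this record; restore the rest from the paper. No DOI is recorded, and the url points to an author-hosted copy over plain HTTP.}
@inproceedings{BREU-08-WPA,
  author    = {Breu, Ruth and Innerhofer-Oberperfler, Frank and Yautsiukhin, Artsiom},
  title     = {Quantitative assessment of enterprise security system},
  booktitle = {Proceedings of the 1st International Workshop on Privacy and Assurance ({WPA-2008})},
  year      = {2008},
  publisher = {IEEE Computer Society Press},
  abstract  = {In this paper we extend a model-based approach to security management with concepts and methods that provide a possibility for quantitative assessments. For this purpose we introduce security metrics and explain how they are aggregated using the underlying model as a frame. We measure numbers of attack of certain threats and estimate their likelihood of propagation along the dependencies in the underlying model. Using this approach we can identify which threats have the strongest impact on business security objectives and how various security controls might},
  timestamp = {2008.01.16},
  url       = {http://dit.unitn.it/~evtiukhi/Resources/BREU-08-WPA.pdf},
}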