Show simple item record

A Model For risk-Based adaptive security controls

dc.contributor.authorCalvo, Miguel
dc.contributor.authorBeltrán, Marta
dc.date.accessioned2023-09-20T08:24:08Z
dc.date.available2023-09-20T08:24:08Z
dc.date.issued2022
dc.identifier.citationMiguel Calvo, Marta Beltrán, A Model For risk-Based adaptive security controls, Computers & Security, Volume 115, 2022, 102612, ISSN 0167-4048, https://doi.org/10.1016/j.cose.2022.102612. (https://www.sciencedirect.com/science/article/pii/S0167404822000116)es
dc.identifier.issn0167-4048
dc.identifier.urihttps://hdl.handle.net/10115/24403
dc.descriptionThis research has been supported by the Madrid region (EdgeData, Grant Ref. P2018/TCS-4499) and by a research contract with Rated Power (art.83 M2186). Miguel Calvo is supported by grants from the Rey Juan Carlos University (ref. C-PREDOC21-007).es
dc.description.abstractSecurity controls and countermeasures have shifted from static desktop-based and corporate network environments to heterogeneous, distributed and dynamic environments (e.g., cloud and mobile computing or Internet of Things). Due to this paradigm shift, adaptive and risk-based approaches have gained significant importance. These approaches allow security managers to perform context-aware decision making, adapting controls’ deployment, configuration or use to every specific situation, depending on the current value of risk indicators or scores and on the level of risk tolerated by the organisation at any given time. This paper proposes a model to automatically adapt security controls to different risk scenarios in almost real-time (if required). This model is based on a three-layer architecture and a three-step flow (measurement-decision-adaptation), relying on a scalable policies&rules framework capable of integrating with different kinds of controls. Furthermore, the proposed model is validated and evaluated with an actual use case.es
dc.language.isospaes
dc.publisherElsevieres
dc.rightsAttribution-NonCommercial-NoDerivatives 4.0 Internacional*
dc.rights.urihttp://creativecommons.org/licenses/by-nc-nd/4.0/*
dc.subjectAdaptive securityes
dc.subjectContext-aware decision makinges
dc.subjectDynamic security controlses
dc.subjectMAPE Loopes
dc.subjectRisk-based securityes
dc.titleA Model For risk-Based adaptive security controlses
dc.typeinfo:eu-repo/semantics/articlees
dc.identifier.doi10.1016/j.cose.2022.102612es
dc.rights.accessRightsinfo:eu-repo/semantics/openAccesses


Files in this item

This item appears in the following Collection(s)

Show simple item record

Attribution-NonCommercial-NoDerivatives 4.0 InternacionalExcept where otherwise noted, this item's license is described as Attribution-NonCommercial-NoDerivatives 4.0 Internacional