A Model For risk-Based adaptive security controls
|Miguel Calvo, Marta Beltrán, A Model For risk-Based adaptive security controls, Computers & Security, Volume 115, 2022, 102612, ISSN 0167-4048, https://doi.org/10.1016/j.cose.2022.102612. (https://www.sciencedirect.com/science/article/pii/S0167404822000116)
|This research has been supported by the Madrid region (EdgeData, Grant Ref. P2018/TCS-4499) and by a research contract with Rated Power (art.83 M2186). Miguel Calvo is supported by grants from the Rey Juan Carlos University (ref. C-PREDOC21-007).
|Security controls and countermeasures have shifted from static desktop-based and corporate network environments to heterogeneous, distributed and dynamic environments (e.g., cloud and mobile computing or Internet of Things). Due to this paradigm shift, adaptive and risk-based approaches have gained significant importance. These approaches allow security managers to perform context-aware decision making, adapting controls’ deployment, configuration or use to every specific situation, depending on the current value of risk indicators or scores and on the level of risk tolerated by the organisation at any given time. This paper proposes a model to automatically adapt security controls to different risk scenarios in almost real-time (if required). This model is based on a three-layer architecture and a three-step flow (measurement-decision-adaptation), relying on a scalable policies&rules framework capable of integrating with different kinds of controls. Furthermore, the proposed model is validated and evaluated with an actual use case.
|Attribution-NonCommercial-NoDerivatives 4.0 Internacional
|Context-aware decision making
|Dynamic security controls
|A Model For risk-Based adaptive security controls
Files in this item
This item appears in the following Collection(s)
Artículos de Revista 
Except where otherwise noted, this item's license is described as Attribution-NonCommercial-NoDerivatives 4.0 Internacional