Show simple item record

dc.contributor.authorPetraityte, Milda
dc.contributor.authorDehghantanha, Ali
dc.contributor.authorEpiphaniou, Gregory
dc.date.accessioned2018-07-12T13:33:30Z
dc.date.available2018-07-12T13:33:30Z
dc.date.issued2018
dc.identifier.isbn9783319739502
dc.identifier.urihttp://hdl.handle.net/2436/621491
dc.descriptionAdvances in Information Security book series (ADIS, volume 70): Cyber Threat Intelligence
dc.description.abstractVarious researchers have shown that the Common Vulnerability Scoring System (CVSS) has many drawbacks and may not provide a precise view of the risks related to software vulnerabilities. However, many threat intelligence platforms and industry-wide standards are relying on CVSS score to evaluate cyber security compliance. This paper suggests several improvements to the calculation of Impact and Exploitability sub-scores within the CVSS, improve its accuracy and help threat intelligence analysts to focus on the key risks associated with their assets. We will apply our suggested improvements against risks associated with several Android and iOS applications and discuss achieved improvements and advantages of our modelling, such as the importance and the impact of time on the overall CVSS score calculation.
dc.language.isoen
dc.publisherElsevier
dc.subjectCVSS
dc.subjectRisk management
dc.subjectRisk calculation
dc.subjectVulnerability
dc.subjectExploitability
dc.titleA model for Android and iOS applications risk calculation: CVSS analysis and enhancement using case-control studies
dc.typeChapter in book
dc.source.beginpage219
dc.source.endpage237
html.description.abstractVarious researchers have shown that the Common Vulnerability Scoring System (CVSS) has many drawbacks and may not provide a precise view of the risks related to software vulnerabilities. However, many threat intelligence platforms and industry-wide standards are relying on CVSS score to evaluate cyber security compliance. This paper suggests several improvements to the calculation of Impact and Exploitability sub-scores within the CVSS, improve its accuracy and help threat intelligence analysts to focus on the key risks associated with their assets. We will apply our suggested improvements against risks associated with several Android and iOS applications and discuss achieved improvements and advantages of our modelling, such as the importance and the impact of time on the overall CVSS score calculation.


This item appears in the following Collection(s)

Show simple item record