Defining network exposure metrics in security risk scoring models

Eli Weintraub, Yuval Cohen

Research output: Contribution to journalArticlepeer-review


Organizations are exposed to cyber-attacks on a regular basis. Managers in these organizations are using scoring systems to evaluate the risks of the attacks they are exposed to. Information security methodologies define three major security objectives: confidentiality, integrity and availability. This work is focused on defining new network exposure measures affecting the availability. According to existing security scoring models network exposure risks are assessed by assigning availability measures on an ordinal scale using users' subjective assessment. In this work quantitative objective measures are defined and presented, based on the specific organizational network, thus improving accuracy of the scores computed by the current security risk scoring models.

Original languageEnglish
Pages (from-to)399-404
Number of pages6
JournalInternational Journal of Advanced Computer Science and Applications
Issue number4
StatePublished - 2018
Externally publishedYes

Bibliographical note

Publisher Copyright:
© 2015 The Science and Information (SAI) Organization Limited.


  • Cyber-attack
  • Exposure
  • Risk scoring
  • Security
  • Vulnerability


Dive into the research topics of 'Defining network exposure metrics in security risk scoring models'. Together they form a unique fingerprint.

Cite this