October 30, 2017: Invited Speaker Seminar: Security Metrics and Risk Analysis for Enterprise Systems

Dr. Anoop Singhal
National Institute of Standards and Technology

Monday, October 30, 2017 at 3:30 pm
Room EV003.309

Abstract

Protection of enterprise systems from cyber attacks is a challenge. Vulnerabilities are regularly discovered in software systems that are exploited to launch cyber attacks. Security Analysts need objective metrics to manage the security risk of enterprise systems. In this talk, we will give an overview of our research on security metrics and challenges for security risk analysis of enterprise systems. A standard model for security metrics will enable us to answer questions such as “are we more secure than yesterday?” or “how does the security of one system compare with another?” We will present a methodology for security risk analysis that is based on the model of Attack Graphs and the Common Vulnerability Scoring System (CVSS). We will also present the NIST Cyber Security Framework for Risk Management.

Biography

Dr. Anoop Singhal is currently a Senior Computer Scientist and a Program Manager in the Computer Security Division at the National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland. He has several years of research experience at NIST, George Mason University and AT&T Bell Labs. He received his Ph.D. in Computer Science from Ohio State University, Columbus, Ohio. His research interests are in system security, active cyber defense, network forensics, cloud computing security and data mining systems. He is a member of ACM, senior member of the IEEE and he has co-authored over 50 technical papers in leading conferences and journals. He has taught several graduate level courses in Computer Science as an adjunct faculty and has given talks at RSA, IEEE and ACM conferences. He has two patents in the area of attack graphs and he has also co-edited a book on Secure Cloud Computing.