Validating and restoring defense in depth using attack graphs Charloutte sex chat
With respect to security assessment presented by Almorsy et al.
, the authors propose the notion of evaluating Cloud sec SLAs, by introducing a metric to benchmark the security of a CSP based on categories.
However, the resulting security categorization is purely qualitative.
In Casola et al () a methodology for evaluating and comparing security SLAs expressed through the use of standard policy languages is presented.
Luna  uses a similar approach to quantify the security of a Public Key Infrastructure, based on its Certificate Policy. present a metric-based approach for assessing the security level of Critical Infrastructures. Bhargava, "Extending Attack Graph-Based Security Metrics and Aggregating Their Application," IEEE Transactions on Dependable and Secure Computing (TDSC), vol.
Security metrics are also used for the definition of SLAs. point to the need of developing a security metrics framework for the Cloud. Predictive approaches for anticipating how security metrics will develop have been also studied and applied (e.g., Trust Economics system modelling paradigm ,  and the ADVISE modelling approach of . Trimintzios, "Measurement Frameworks and Metrics for Resilient Networks and Services," European Network and Information Security Agency (ENISA), Technical report, 2011.
Cunningham, "Validating and Restoring Defense in Depth Using Attack Graph," in Proc.
Security metrics’ importance for the decision making in ICT systems with respect to security has been recognised by organizations such as ENISA , CIS  and NIST . , Pamula et al ), or to measure the degree of trustworthiness of software-intensive systems (e.g., Manadhata et al. Li  presents a framework to compare Cloud providers according to performance indicators.
Security metrics have been applied for quantifying the security of network systems though several attack graph-based security metrics (e.g., Idika et al. Garg et al  use the Analytic Hierarchy Process (AHP) to rank providers based also on performance data to measure various Quality of Service (Qo S) attributes.
Unfortunately, metrics aggregation mostly remains a research challenge as acknowledged by NIST  and ENISA .
Very few frameworks have been proposed to aggregate security metrics.
Other security-metrics based approach propose mechanisms to describe and quantify security are given in  by Breier et al. D2.2 Requirements emerging from a state-of-the-art analysis – Final Report Page 92  "The CIS security metrics V1.1.0.".
Few works focus on security metrics aggregation in order to enable the quantification of the security level in the end-to-end of all collaborators of the supply chain. Center for Internet Security (CIS), Technical Report, 2010. Jansen, "Directions in security metrics research." National Institute of Standards and Technology (NIST), DIANE Publishing, U.