A Formal Model of Security Controls' Capabilities and Its Applications to Policy Refinement and Incident Management
A formal model, the Security Capability Model (SCM), that abstracts the features and capabilities of security controls to enable automation of security management tasks such as policy refinement, security control comparison, and incident response.