Evaluating Damage Potential in Security Risk Scoring Models
Journal Title: International Journal of Advanced Computer Science & Applications - Year 2016, Vol 7, Issue 5
Abstract
A Continuous Monitoring System (CMS) model is presented, having new improved capabilities. The system is based on the actual real-time configuration of the system. Existing risk scoring models assume damage potential is estimated by systems' owner, thus rejecting the information relying in the technological configuration. The assumption underlying this research is based on users' ability to estimate business impacts relating to systems' external interfaces which they use regularly in their business activities, but are unable to assess business impacts relating to internal technological components. According to the proposed model systems' damage potential is calculated using technical information on systems' components using a directed graph. The graph is incorporated into the Common Vulnerability Scoring Systems' (CVSS) algorithm to produce risk scoring measures. Framework presentation includes system design, damage potential scoring algorithm design and an illustration of scoring computations.
Authors and Affiliations
Eli Weintraub
Keywords
Related Articles
- EP ID EP149250
- DOI 10.14569/IJACSA.2016.070547
- Views 103
- Downloads 0
Secure Data Provenance in Internet of Things based Networks by Outsourcing Attribute based Signatures and using Bloom Filters
With the dawn of autonomous organization and network and service management, the integration of existing networks with Internet of Things (IoT) based networks is becoming a reality. With minimal human interaction, the se...
A Gaps Approach to Access the Efficiency and Effectiveness of IT-Initiatives In Rural Areas: case study of Samalta, a village in the central Himalayan Region of India
This paper focuses on the effectiveness and efficiency of IT initiatives in rural areas where topology creates isolation to developmental activities. A village is selected for the study and information is gathered throug...
Use of Non-Topological Node Attribute Values for Probabilistic Determination of Link Formation
Here we propose a probabilistic model for determining link formation, using Naïve Bayes Classifier on non-topological attribute values of nodes, in a social network. The proposed model gives a score which helps to determ...
Analysis and Enhancement of BWR Mechanism in MAC 802.16 for WIMAX Networks
WiMAX [Worldwide Interoperability for Microwave Access] is the latest contender as a last mile solution for providing broadband wireless Internet access and is an IEEE 802.16 standard. In IEEE 802.16 MAC protocol,...
An Automatic Cryptanalysis of Arabic Transposition Ciphers using Compression
This paper introduces a compression-based method adapted for the automatic cryptanalysis of Arabic transposition ciphers. More specifically, this paper presents how a Prediction by Partial Matching (‘PPM’) compression sc...