Security Risk Scoring Incorporating Computers' Environment
Author
Abstract
A framework for a Continuous Monitoring System (CMS) with new, improved capabilities is presented. The system uses the actual real-time configuration of the system and its environment, characterized by a Configuration Management Data Base (CMDB) which includes detailed information on organizational database contents and on security and privacy specifications. The Common Vulnerability Scoring System (CVSS) algorithm produces risk scores incorporating information from the CMDB. By using the real, up-to-date environmental characteristics, the system achieves more accurate scores than existing practices. The framework presentation includes the system's design and an illustration of scoring computations.
Keywords: CVSS; Security; Risk Management; Configuration Management; CMDB; Continuous Monitoring System
Similar resources
Leveraging behavioral science to mitigate cyber security risk
Most efforts to improve cyber security focus primarily on incorporating new technological approaches in products and processes. However, a key element of improvement involves acknowledging the importance of human behavior when designing, building and using cyber security technology. In this survey paper, we describe why incorporating an understanding of human behavior into cyber security produc...
ISRAM: information security risk analysis method
The continuously changing nature of the technological environment has been forcing the process of information security risk analysis to be revised accordingly. A number of quantitative and qualitative risk analysis methods have been proposed by researchers and vendors. The purpose of these methods is to analyze today's information security risks properly. Some of these methods are supported by a software...
Computer security in the future
Until recently, computer security was an obscure discipline that seemed to have little relevance to everyday life. With the rapid growth of the Internet, e-commerce, and the widespread use of computers, computer security touches almost all aspects of daily life and all parts of society. Even those who do not use computers have information about them stored on computers. This paper reviews some ...
Introducing OSSF: A framework for online service cybersecurity risk management
This paper proposes a new framework for online services security risk management which can be used by both service providers and service consumers. The proposed framework was validated through a case study performed in a large enterprise environment. The key components of the proposed framework are the Threat model and the Risk model. These models are designed to fit specific features of online services...
84-10-15 Securing Tandem Systems
Tandem computers are employed extensively in heavy volume, OnLine Transaction Processing environments. Tandem systems can be found in 24 of the top 25 US banks; 32 of the top 50 European banks; 250 brokerage and security firms; 60 major insurance companies; and in 40 of the world's busiest stock and commodities exchanges. Tandem computers run 75% of all automated teller machine transactions, 66%...