Quantitative Security Risk Evaluation using CVSS Metrics by Estimation of Frequency and Maturity of Exploit
Authors
Abstract
The evaluation of network risk is a vital task and an essential step in securing any network. It helps security professionals make optimal decisions about how to design security countermeasures that improve security. This paper proposes a risk estimation model that uses the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS). The CVSS Risk Level Estimation Model estimates a security risk level from vulnerability information by combining the period of exploitation and the frequency of occurrence with the impact derived from the CVSS. The proposed model provides quantitative security metrics that produce rapid and consistent security measurement, which supports automated and reasonable security management.
Similar sources
A Framework for Software Security Risk Evaluation using the Vulnerability Lifecycle and CVSS Metrics
A vulnerability that has been discovered but is unpatched represents a security risk to a system. During the lifetime of a software system, new vulnerabilities are discovered over time. There are two opposing actors, the patch developers and the potential exploiters. An exploit can happen immediately after a disclosure, perhaps even before the disclosure if the discovery is made by a black-hat ...
Defining and Assessing Quantitative Security Risk Measures Using Vulnerability Lifecycle and CVSS Metrics
Known vulnerabilities which have been discovered but not patched represent a security risk which can lead to considerable financial damage or loss of reputation. They include vulnerabilities that have either no patches available or for which patches are applied after some delay. Exploitation is even possible before public disclosure of a vulnerability. This paper formally defines risk measures...
Information Security Assessment by Quantifying Risk Level of Network Vulnerabilities
With increasing dependency on IT infrastructure, the main objective of a system administrator is to maintain a stable and secure network, and to ensure that the network is robust enough against malicious network users like attackers and intruders. Security risk management provides a way to manage the growing threats to infrastructures or systems. This paper proposes a framework for risk level estima...
A Predictive Framework for Cyber Security Analytics using Attack Graphs
Security metrics serve as a powerful tool for organizations to understand the effectiveness of protecting computer networks. However, the majority of these measurement techniques don't adequately help corporations make informed risk management decisions. In this paper we present a stochastic security framework for obtaining quantitative measures of security by taking into account the dynamic attr...
On Computing Enterprise IT Risk Metrics
Sandeep Bhatt, William Horne, Prasad Rao. HP Laboratories, HPL-2011-26, external posting date February 21, 2011. Assessing the vulnerability of large heterogeneous systems is crucial to IT operational decisions such as prioritizing the deployment of security pa...