A Risk Index Model for Security Incident Prioritisation
Authors
Abstract
With thousands of incidents identified by security appliances every day, the process of distinguishing which incidents are important and which are trivial is complicated. This paper proposes an incident prioritisation model, the Risk Index Model (RIM), which is based on risk assessment and the Analytic Hierarchy Process (AHP). The model uses indicators such as criticality, maintainability, replaceability, and dependability as decision factors to calculate each incident's risk index. The RIM was validated using the MIT DARPA LLDOS 1.0 dataset, and the results were compared against the combined priorities of the Common Vulnerability Scoring System (CVSS) v2 and Snort Priority. The experimental results have shown that 100% of incidents could be rated with RIM, compared to only 17.23% with CVSS. In addition, this study addresses the limitation of group priority in the Snort Priority (e.g. high, medium and low priority) by quantitatively ranking, sorting and listing incidents according to their risk index. The study has also investigated the effect of applying weighted indicators in the calculation of the risk index, as well as the effect of calculating them dynamically. The experiments have shown significant changes in the resultant risk index as well as in some of the top priority rankings.
Similar resources
Incident prioritisation using analytic hierarchy process (AHP): Risk Index Model (RIM)
The landscape of security threats continues to evolve, with attacks becoming more serious and the number of vulnerabilities rising. For these threats to be managed, many security studies have been undertaken in recent years, mainly focusing on improving detection, prevention and response efficiency. This paper proposes an incident prioritisation model, the Risk Index Model (RIM), which is based...
Prioritisation of Network Security Services
On large networks security administration tasks such as patch management and event log analysis can take many hours and even days to successfully complete even with automated solutions. Currently it is left to the systems administrators’ discretion to choose in which order to protect individual devices. In light of the rapidly decreasing time between vulnerabilities being discovered and malicio...
Overweight as a Protective Factor in Dementia Incident in Elderly Residents of Kahrizak Charity Foundation Aged 80 and Older
Objectives: In this study, the relation of late-life body mass index (BMI) and waist circumference with incident dementia risk was investigated in a group of Iranian elderly people. Methods & Materials: In the present cross-sectional study, 107 elderly residents of the Kahrizak Charity Foundation aged 80 and older participated. Dementia was assessed using Mini-Mental State Examination questio...
House of Improvement Model to Enhance Prioritisation of Solutions in Decision Making: a Case Study
The decision making on selection of improvement solutions was one of the obstacles hampering the success of process improvement. This paper presents the House of Improvement (HOI) model as a guideline to link decision criteria for the prioritisation of improvement solutions. Three phases in the HOI are applied to facilitate selection and to ensure that suitable and value-added solutions are cho...
A Response Strategy Model for Intrusion Response Systems
There are several types of security systems, which focus on detecting, mitigating and responding to incidents. Current response systems are largely based on manual incident response selection strategies, which can introduce delays between detection and response time. However, it would be beneficial if critical and urgent incidents are addressed as soon as possible before they jeopardised critic...