A concept of standard-based vulnerability management automation for IT systems

Kasprzyk, Rafał; Stachurski, A.

doi:10.5604/01.3001.0009.4500

Cited by 9 publications

(5 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This means that the commencement of one process does not have to be linked with the completion of a previous one. An example would be starting the tests of an encoded software fragment prior to the stage of total encoding completion [12][13][14][15][16][17].…”

Section: Methodsmentioning

confidence: 99%

Computer Life-Cycle Management System for Avionics Software as a Tool for Supporting the Sustainable Development of Air Transport

et al. 2021

View full text Add to dashboard Cite

The article presents selected results of analytical and design works undertaken at the Air Force Institute of Technology (AFIT) in the field of building a computer support and software lifecycle management system that is critical for flight safety. The aim of the work undertaken is to develop methods and carry out verification and testing in order to detect errors in the developed avionics software for compliance with the requirements of the DO-178C standard and its production, certification, and implementation on board aircraft. The authors developed an original computer system within the implemented requirements used in the construction and certification of avionic onboard devices and their software (among others, DO-254, DO-178C, AQAP 2210, ARP 4761, ARP 4754A). The conducted analysis involved three basic groups of avionics software development processes, i.e., software planning, creation, and integration. Examples of solutions implemented in the constructed computer system were presented for each of these process groups. The theoretical basis of the new method for predicting vulnerabilities in the software implemented within integrated avionic systems using branching processes is discussed. It was demonstrated that the possibility of predicting vulnerabilities in future software versions could have a significant impact on assessing the risk associated with software safety in the course of its lifecycle. It was indicated that some of the existing quantitative models for analyzing software vulnerabilities were developed based on dedicated software data, which is why actual scenario implementation may be limited. DO-178C standard requirements for the process of developing avionics software were implemented in the helmet-mounted flight parameter display system constructed at AFIT. The requirements of the DO-178C and AQAP 2210 standards were shown to be met in the example of the software developed for a graphics computer, managing the operating modes of this system.

show abstract

Section: Methodsmentioning

confidence: 99%

Computer Life-Cycle Management System for Avionics Software as a Tool for Supporting the Sustainable Development of Air Transport

et al. 2021

View full text Add to dashboard Cite

show abstract

“…The other metrics can be used optionally, but there are constraints on applying them to complex corporate-level system architectures. Therefore, this section only discusses the base metrics [20][21][22].…”

Section: Common Configuration Scoring Systemmentioning

confidence: 99%

Endpoint Device Risk-Scoring Algorithm Proposal for Zero Trust

et al. 2023

View full text Add to dashboard Cite

The rapid expansion of remote work following the COVID-19 pandemic has necessitated the development of more robust and secure endpoint device security solutions. Companies have begun to adopt the zero trust security concept as an alternative to traditional network boundary security measures, which requires that every device and user be considered untrustworthy until proven otherwise. Despite the potential benefits of implementing zero trust, the stringent security measures can inadvertently lead to low availability by denying access to legitimate users or limiting their ability to access necessary resources. To address this challenge, we propose a risk-scoring algorithm that balances confidentiality and availability by evaluating the user’s impact on resources. Our contributions include (1) summarizing the limitations of existing risk scoring systems in companies that implement zero trust, (2) proposing a dynamic importance metric that measures the importance of resources accessible to users within zero trust systems, and (3) introducing a risk-scoring algorithm that employs the dynamic importance metric to enhance both security and availability in zero trust environments. By incorporating the dynamic importance metric, our proposed algorithm provides a more accurate representation of risk, leading to better security decisions and improved resource availability for legitimate users. This proposal aims to help organizations achieve a more balanced approach to endpoint device security, addressing the unique challenges posed by the increasing prevalence of remote work.

show abstract

“…The [8], [11]. The SCAP or Security Content Automation Protocol required for the purpose of guard against security threats of the institutions, organizations etc for continuous monitoring to the computer systems; it includes the applications they have deployed, upgrade to configurations.…”

Section: Security Content Automation Protocol and Few Concernsmentioning

confidence: 99%

Information Assurance with special reference to the Security Content Automation Protocol (SCAP) — <i>An Overview</i>

Paul

Aithal

2019

SSRN Journal

View full text Add to dashboard Cite

Information Assurance, in short, is called as IA. This is responsible for securing information systems and computing. The term holds the highest degree of security related affairs. In generally Computer Security considered as a branch and area of security but now apart from this, Information Security, IT Security, and Information Assurance considered as important. And among these, security related domain Information Assurance treated as broader and interdisciplinary. Moreover, this Information Assurance holds all the areas and dealing of IT Security and Information Security but additionally, it is responsible for the designing, development of policies, regulation and guidelines of security related projects /proposal, etc. And among the administrative and protocol related affairs Security Content Automation Protocol treated as important. In short, it is called as SCAP. It is a kind of method for using specific standards for the purpose of enabling vulnerability management systems in an automated way for the measurement as well as policy compliance assessment regarding the systems inbuilt in a company or institutions; that may include IT company or may not be. This is a conceptual paper, initially, it has discussed with the areas of Information Assurance but gradually it has described about the Security Content Automation Protocol; including its aim and objectives, versions, etc. paper mentioned all the areas in short and simple sense.

show abstract

A concept of standard-based vulnerability management automation for IT systems

Cited by 9 publications

References 6 publications

Computer Life-Cycle Management System for Avionics Software as a Tool for Supporting the Sustainable Development of Air Transport

Computer Life-Cycle Management System for Avionics Software as a Tool for Supporting the Sustainable Development of Air Transport

Endpoint Device Risk-Scoring Algorithm Proposal for Zero Trust

Information Assurance with special reference to the Security Content Automation Protocol (SCAP) — <i>An Overview</i>

Contact Info

Product

Resources

About