Maximizing an Organization's Information Security Posture by Distributedly Assessing and Remedying System Vulnerabilities

Nunez, Yonesy

doi:10.1109/icnsc.2008.4525389

2008 IEEE International Conference on Networking, Sensing and Control 2008

DOI: 10.1109/icnsc.2008.4525389

|View full text |Cite

Maximizing an Organization's Information Security Posture by Distributedly Assessing and Remedying System Vulnerabilities

Yonesy Nunez

Abstract: Updating systems for security vulnerabilities has become a cumbersome yet necessary evil in today's environment of zero-day exploits and ever-changing threat matrix. The current state of affairs for the vulnerability and threat management functions are in dire need of a solution that can rapidly assess systems for vulnerabilities and fix them expeditiously. This will guarantee the effective reconnaissance of critical vulnerabilities in a more concise and cohesive fashion throughout all industries affected by t… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2016

Publication Types

Select...

Article2

Relationship

Self Cite0

Independent2

Authors

Journals

Cited by 2 publications

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Security Risk Scoring Incorporating Computers' Environment

Weintraub¹

2016

ijacsa

View full text Add to dashboard Cite

Abstract-A framework of a Continuous Monitoring System (CMS) is presented, having new improved capabilities. The system uses the actual real-time configuration of the system and environment characterized by a Configuration Management Data Base (CMDB) which includes detailed information of organizational database contents, security and privacy specifications. The Common Vulnerability Scoring Systems' (CVSS) algorithm produces risk scores incorporating information from the CMDB. By using the real updated environmental characteristics the system enables achieving accurate scores compared to existing practices. Framework presentation includes systems' design and an illustration of scoring computations.

show abstract

Security Risk Scoring Incorporating Computers' Environment

Weintraub¹

2016

ijacsa

View full text Add to dashboard Cite

show abstract

Evaluating Damage Potential in Security Risk Scoring Models

Weintraub¹

2016

ijacsa

View full text Add to dashboard Cite

Abstract-A Continuous Monitoring System (CMS) model is presented, having new improved capabilities. The system is based on the actual real-time configuration of the system. Existing risk scoring models assume damage potential is estimated by systems' owner, thus rejecting the information relying in the technological configuration. The assumption underlying this research is based on users' ability to estimate business impacts relating to systems' external interfaces which they use regularly in their business activities, but are unable to assess business impacts relating to internal technological components. According to the proposed model systems' damage potential is calculated using technical information on systems' components using a directed graph. The graph is incorporated into the Common Vulnerability Scoring Systems' (CVSS) algorithm to produce risk scoring measures. Framework presentation includes system design, damage potential scoring algorithm design and an illustration of scoring computations.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Maximizing an Organization's Information Security Posture by Distributedly Assessing and Remedying System Vulnerabilities

Cited by 2 publications

References 41 publications

Security Risk Scoring Incorporating Computers' Environment

Security Risk Scoring Incorporating Computers' Environment

Evaluating Damage Potential in Security Risk Scoring Models

Contact Info

Product

Resources

About