Abstract
The risk of cyberattacks has become increasingly daunting as most of our socioeconomic activities have become cyber-based. Comprehensive automated risk management is becoming a necessity in today's dynamic networks. In this paper, we present an objective metric to assess the risk of cyberattacks on organizations' networks based on security compliance reports. Our model considers various risk factors, including vulnerability distribution, the dependencies between vulnerabilities, and network configuration. We take advantage of the Security Content Automation Protocol (SCAP) languages and measurement and scoring systems to study vulnerabilities and compute the system exposure. We also describe an evaluation plan to validate the presented metric.
| Original language | English |
|---|---|
| Title of host publication | SafeConfig 2014 - Proceedings of the 2014 ACM Cyber Security Analytics, Intelligence and Automation Workshop, Co-located with CCS 2014 |
| Publisher | Association for Computing Machinery |
| Pages | 25-28 |
| Number of pages | 4 |
| Edition | November |
| ISBN (Print) | 9781450331470 |
| State | Published - 3 Nov 2014 |
| Externally published | Yes |
| Event | 2014 ACM Cyber Security Analytics, Intelligence and Automation Workshop, SafeConfig 2014 - Co-located with CCS 2014 - Scottsdale, United States Duration: 3 Nov 2014 → … |
Publication series
| Name | Proceedings of the ACM Conference on Computer and Communications Security |
|---|---|
| Number | November |
| Volume | 2014-November |
| ISSN (Print) | 1543-7221 |
Conference
| Conference | 2014 ACM Cyber Security Analytics, Intelligence and Automation Workshop, SafeConfig 2014 - Co-located with CCS 2014 |
|---|---|
| Country/Territory | United States |
| City | Scottsdale |
| Period | 3/11/14 → … |
Bibliographical note
Publisher Copyright: Copyright 2014 ACM.
Keywords
- Attacks
- CVSS
- Compliance
- Configuration management
- Risk assessment
- Vulnerability
ASJC Scopus subject areas
- Software
- Computer Networks and Communications