Abstract
The center for internet security (CIS) publishes a set of defense actions which forms a set of defense in depth best practices known as critical security control (CSC) to detect, prevent, respond, and mitigate the cyber attacks against cyber systems and networks. However, no well defined automated measures and metrics are developed to validate the enforcement of these CSCs. Additionally, it is infeasible to directly analyze the implementation of security products to verify and validate the enforcement of CSCs in those security products. In this poster, we are going to present our preliminary analysis to develop automated measures and metrics for CSC based on threat model each CSC is targeting, measurable features, and cyber artifacts which can be used to create metrics for key enforcement indicators. We also present a case study to develop measures and metrics for a CIS CSC called boundary defense.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of the 6th Annual Symposium on Hot Topics in the Science of Security, HotSoS 2019 |
| Publisher | Association for Computing Machinery |
| ISBN (Electronic) | 9781450371476 |
| DOIs | |
| State | Published - 1 Apr 2019 |
| Externally published | Yes |
| Event | 6th Annual Symposium on Hot Topics in the Science of Security, HotSoS 2019 - Nashville, United States Duration: 1 Apr 2019 → 3 Apr 2019 |
Publication series
| Name | ACM International Conference Proceeding Series |
|---|
Conference
| Conference | 6th Annual Symposium on Hot Topics in the Science of Security, HotSoS 2019 |
|---|---|
| Country/Territory | United States |
| City | Nashville |
| Period | 1/04/19 → 3/04/19 |
Bibliographical note
Publisher Copyright:© 2019 Copyright is held by the owner/author(s).
ASJC Scopus subject areas
- Software
- Human-Computer Interaction
- Computer Vision and Pattern Recognition
- Computer Networks and Communications