文章基本信息

标题：Evaluating Damage Potential in Security Risk Scoring Models
本地全文：下载
作者：Eli Weintraub
期刊名称：International Journal of Advanced Computer Science and Applications(IJACSA)
印刷版ISSN：2158-107X
电子版ISSN：2156-5570
出版年度：2016
卷号：7
期号：5
DOI：10.14569/IJACSA.2016.070547
出版社：Science and Information Society (SAI)
摘要：A Continuous Monitoring System (CMS) model is presented, having new improved capabilities. The system is based on the actual real-time configuration of the system. Existing risk scoring models assume damage potential is estimated by systems' owner, thus rejecting the information relying in the technological configuration. The assumption underlying this research is based on users' ability to estimate business impacts relating to systems' external interfaces which they use regularly in their business activities, but are unable to assess business impacts relating to internal technological components. According to the proposed model systems' damage potential is calculated using technical information on systems' components using a directed graph. The graph is incorporated into the Common Vulnerability Scoring Systems' (CVSS) algorithm to produce risk scoring measures. Framework presentation includes system design, damage potential scoring algorithm design and an illustration of scoring computations.
关键词：thesai; IJACSA; thesai.org; journal; IJACSA papers; CVSS; security; risk management; configuration; Continuous Monitoring; vulnerability; damage potential; risk scoring