The IRMA Community
Newsletters
Research IRM
Click a keyword to search titles using our InfoSci-OnDemand powered search:
|
The Next Generation of Scientific-Based Risk Metrics: Measuring Cyber Maturity
Abstract
One of the major challenges to an organization achieving a certain level of preparedness to “effectively” combat existing and future cyber threats and vulnerabilities is its ability to ensure the security and reliability of its networks. Most of the existing efforts are quantitative, by nature, and limited solely to the networks and systems of the organization. It would be unfair to not acknowledge that for sure some progress has been achieved in the way that organizations, as a whole, are now positioning themselves to address the threats (GAO 2012). Unfortunately, so have the skill sets and resource levels improved for attackers--they are increasingly getting better at achieving the unwanted access to organizations' information assets. In large part the authors believe that some of this is due to the failure by methods to assess the overall vulnerability of the networks. In addition, significant levels of threats and vulnerabilities beyond organizations' networks and systems are not being given the level of attention that is warranted. In this paper, the authors propose a more comprehensive approach that enables an organization to more realistically assess its “cyber maturity” level in hope of better positioning itself to address existing and new cyber threats. The authors also propose the need to better understand another missing critical piece to the puzzle--the reliability and security of networks in terms of scientific risk-based metrics (e.g., the severity of individual vulnerabilities and overall vulnerability of the network). Their risk-based metrics focus on the probability of compromise due to a given vulnerability; employee non-adherence to company cyber-based policies; insider threats. They are: (1) built on the CVSS Base Score which is modified by developing weights derived from the Analytic Hierarchy Process (AHP) to make the overall score more representative of the impact the vulnerability has on the global infrastructure, and (2) rooted in repeatable quantitative characteristics (i.e., vulnerabilities) such as the sum of the probabilities that devices will be compromised via client-side or server-side attacks stemming from software or hardware vulnerabilities. The authors will demonstrate the feasibility of their method by applying their approach to a case study and highlighting the benefits and impediments which result.
Related Content
Siva Raja Sindiramutty, Noor Zaman Jhanjhi, Chong Eng Tan, Navid Ali Khan, Bhavin Shah, Amaranadha Reddy Manchuri.
© 2024.
58 pages.
|
Imdad Ali Shah, Raja Kumar Murugesan, Samina Rajper.
© 2024.
31 pages.
|
Rana Muhammad Amir Latif, Muhammad Farhan, Navid Ali Khan, R. Sujatha.
© 2024.
33 pages.
|
Imdad Ali Shah, Areesha Sial, Sarfraz Nawaz Brohi.
© 2024.
25 pages.
|
Kassim Kalinaki, Wasswa Shafik, Sarah Namuwaya, Sumaya Namuwaya.
© 2024.
24 pages.
|
Imdad Ali Shah, N. Z. Jhanjhi, Humaira Ashraf.
© 2024.
24 pages.
|
Rida Zehra.
© 2024.
18 pages.
|
|
|