
Distributed Vulnerability Assessment

  • Metadata
Content: http://ocs.mtak.hu/index.php/nws/2018/paper/view/9
Archive: NETWORKSHOP
Collection: Network security, network management, identity systems
Title:
Distributed Vulnerability Assessment
Creator:
Ferenc Leitold; Dunaújvárosi Egyetem, Secudit Kft.
Kálmán Hadarics; Dunaújvárosi Egyetem
Publisher:
NETWORKSHOP
Date:
2018-12-20 04:52:45
Subject:
cyber security, DVA, vulnerability metric, threat
Description:
Distributed Vulnerability Assessment

Electronic information systems are used in nearly every area of life today. Besides computers, smart and IoT devices are appearing as well. However, when IT systems are used online, there are cyber-threats too. So-called cyber criminals can steal data and credentials without authorisation by means of malicious code, or can otherwise have a harmful effect on IT security. If we want to assess the protection of an IT system and infrastructure against threats, we must consider several relevant, related parameters. Three factors are identified in the applied model of cyber-threats, Distributed Vulnerability Assessment (DVA):
1. characteristics and prevalence of harmful cyber-threats;
2. vulnerabilities of IT infrastructure and its processes;
3. vulnerabilities deriving from users' behaviour.

Using a metric, the impact of a threat typical of a given infrastructure can be determined with a mathematical model. This metric is the probability of at least one threat successfully attacking at least one device in the IT infrastructure used by the given users. For the model to operate, all available information must be considered for each of the three cornerstones. Such information includes the prevalence, the necessary hardware and software elements, and the required user activity. In the case of user behaviour, the most important characteristic is when and how the user uses the IT devices, and to what extent he tends to open e-mail attachments or visit unknown web sites. In the case of IT infrastructure, what matters is which hardware or software elements are present or absent and how they affect the operation of the observed harmful code. This, obviously, relates to the protection systems installed on the devices of the IT infrastructure.

Using our mathematical approach, the integrated vulnerability is decomposed and distributed to the contributing elements of individual user susceptibility, individual IT infrastructure elements, and the individual protecting cybersecurity services and applications. From the DVA results, vulnerability is quantitatively attributed to the various internal contributing components (e.g., user identities, ports, protocols, protection layers). This allows different contributing components to be assessed using comparable metrics (e.g., user security awareness vs. infrastructure patch condition vs. efficacy of anti-malware). DVA allows information security managers to pose and compare the results of "what if" queries to see the vulnerability reduction of various available options that might not otherwise be quantitatively comparable (e.g., investment in employee security awareness programs vs. hardening IT infrastructure vs. adding additional cybersecurity applications and services). The framework, formulae, and relevant examples of applying DVA to single LAN and multiple LAN enterprise networks are described.

This paper describes our model capable of determining the metric of threats. The paper includes the applied mathematical formulae to present the practical application of the model.
DOI: 10.31915/NWS.2018.2
Language:
Hungarian
Type:
Peer-reviewed Paper
Format:
application/pdf
Identifier:
Source:
NETWORKSHOP; NETWORKSHOP 2018
Creator:
Authors who submit to this conference agree to the following terms:
a) Authors retain copyright over their work, while allowing the conference to place this unpublished work under a Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0/), which allows others to freely access, use, and share the work, with an acknowledgement of the work's authorship and its initial presentation at this conference.
b) Authors are able to waive the terms of the CC license and enter into separate, additional contractual arrangements for the non-exclusive distribution and subsequent publication of this work (e.g., publish a revised version in a journal, post it to an institutional repository or publish it in a book), with an acknowledgement of its initial presentation at this conference.
c) In addition, authors are encouraged to post and share their work online (e.g., in institutional repositories or on their website) at any point before and after the conference.