Dynamic Threat Assessment for Prioritising Computer Network Security
Hayat, MZ, Reeve, JS and Boutle, C (2006) Dynamic Threat Assessment for Prioritising Computer Network Security. 5th European Conference on Information Warfare and Security, Helsinki, Finland.
Record type: Conference or Workshop Item (Paper)
Abstract
Large corporations today consist of heterogeneous IT networks with many thousands of devices, which may use numerous physical and logical interfaces to communicate. Much effort has been applied in automating laborious, time-consuming and sometimes-repetitive security services such as patch management and event loggers for these networks. However, such tasks can still take many hours and even days to successfully complete. Currently it is left to the systems administrators’ discretion to choose in which order to protect individual devices, which on larger networks can result in arbitrary security protection at best. In light of the rapidly decreasing time between vulnerabilities being discovered and maliciously exploited by malware, such an arbitrary method introduces an unacceptable level of risk to the security of those devices, which are critical to business processes. An information risk management approach needs to be adopted to ensure the protection of the network with a high likelihood; this can be achieved through the prioritisation of critical devices. In this introductory paper a generic prioritisation technique for individual devices in a network is described, offering a methodical alternative to the current ambiguity of a systems administrator’s operations. The technique is based upon compromise path analysis, which identifies critical paths in a network from a security viewpoint and is relevant in a wide range of operations from the application of security services to analysing their results. The vulnerability period metric is introduced as a mechanism to control the risk exposure to individual devices through prioritisation.
Text
simp_priori8a.doc
- Other
More information
Published date: 2006
Additional Information:
Event Dates: June 2006
Venue - Dates:
5th European Conference on Information Warfare and Security, Helsinki, Finland, 2006-06-01
Organisations:
EEE
Identifiers
Local EPrints ID: 262277
URI: http://eprints.soton.ac.uk/id/eprint/262277
PURE UUID: 1421c370-48f7-417c-9ead-a74393ac20f6
Catalogue record
Date deposited: 05 Apr 2006
Last modified: 14 Mar 2024 07:08
Contributors
Author: MZ Hayat
Author: JS Reeve
Author: C Boutle