An Empirical Study of Connections Between Measurements and Information Security

Miani, Rodrigo Sanches; Cukier, Michel; Zarpelão, Bruno Bogaz; Breda, Gean Davis; Mendes, Leonardo de Souza

Home // SECURWARE 2012 , The Sixth International Conference on Emerging Security Information, Systems and Technologies // View article

An Empirical Study of Connections Between Measurements and Information Security

Authors:
Rodrigo Sanches Miani
Michel Cukier
Bruno Bogaz Zarpelão
Gean Davis Breda
Leonardo de Souza Mendes

Keywords: Network and Security Management; Security Metrics; Empirical Study; Security Incidents; Intrusion Prevention Systems

Abstract:
This paper presents an investigation of factors that are likely to affect the security of an organization, in particular, the number of security incidents. Using Intrusion Prevention Systems (IPS) data, provided by the University of Maryland, we derive three potential factors (attackers, corrupted computers and attack types) and their respective measurements. Based on empirical studies and information security literature, we examine the effects of selected factors on the number of security incidents. We use a regression model to test the hypotheses empirically and also to study how those factors are affected over time. We found that the number of potential corrupted computers is positively related to the security incidents while the number of potential attackers and range of attack types does not significantly affect the number of security incidents. We also found empirical evidence that factors could significantly change over time.

Pages: 104 to 111

Copyright: Copyright (c) IARIA, 2012

Publication date: August 19, 2012

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-209-7

Location: Rome, Italy

Dates: from August 19, 2012 to August 24, 2012