Home // SECURWARE 2017, The Eleventh International Conference on Emerging Security Information, Systems and Technologies // View article

Assessing Security Protection for Sensitive Data

Authors:
George O. M. Yee

Keywords: assessment, security, protection, sensitive data, vulnerability

Abstract:
The growth of the Internet has unfortunately been accompanied by an increasing number of attacks against an organization’s computing infrastructure, leading to the theft of sensitive data. In response to such incursions, the organization installs security measures (e.g., intrusion detection system) for protecting its sensitive data. However, this installation is often done haphazardly, without any objective guidance regarding how many vulnerabilities must be secured in order to achieve a targeted level of protection that would be deemed acceptable. This work derives estimates of the levels of protection based on the number of vulnerabilities to attack that have been secured. The paper then shows how an organization can calculate these estimates, and use them to adjust the number of security measures installed, until a certain target level of protection is achieved subject to certain constraints. An application example is included.

Pages: 111 to 116

Copyright: Copyright (c) IARIA, 2017

Publication date: September 10, 2017

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-582-1

Location: Rome, Italy

Dates: from September 10, 2017 to September 14, 2017