Home // SECURWARE 2018, The Twelfth International Conference on Emerging Security Information, Systems and Technologies // View article

Metrics for Continuous Active Defence

Authors:
George O. M. Yee

Keywords: sensitive data, vulnerability, security measure, security level, metrics, continuous defence

Abstract:
As a sign of the times, headlines today are full of attacks against an organization’s computing infrastructure, resulting in the theft of sensitive data. In response, the organization applies security measures (e.g., encryption) to secure its vulnerabilities. However, these measures are often only applied once, with the assumption that the organization is then protected and no further action is needed. Unfortunately, attackers continuously probe for vulnerabilities and change their attacks accordingly. This means that an organization must also continuously check for new vulnerabilities and secure them, to continuously and actively defend against the attacks. This paper derives metrics that characterize the security level of an organization at any point in time, based on the number of vulnerabilities secured and the effectiveness of the securing measures. The paper then shows how an organization can apply the metrics for continuous active defence.

Pages: 92 to 98

Copyright: Copyright (c) IARIA, 2018

Publication date: September 16, 2018

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-661-3

Location: Venice, Italy

Dates: from September 16, 2018 to September 20, 2018