REAL

Elosztott fenyegetettség felmérés = Distributed Vulnerability Assessment

Leitold, Ferenc and Hadarics, Kálmán (2018) Elosztott fenyegetettség felmérés = Distributed Vulnerability Assessment. In: NETWORKSHOP 2018 konferenciakiadvány. HUNGARNET Egyesület, Budapest, pp. 15-23.

Text
leitold-hadarics_VEGLEGES.pdf
Available under License Creative Commons Attribution.


Abstract

Electronic information systems are used in nearly every area of life today. Besides computers, smart and IoT devices are appearing as well. However, when IT systems are used online, there are cyber-threats too. So-called cyber criminals can use malicious code to steal data and credentials without authorisation or to harm IT security. To assess the protection of an IT system and infrastructure against threats, several relevant parameters must be considered. Three factors are identified in the applied model of cyber-threats, Distributed Vulnerability Assessment (DVA): 1. characteristics and prevalence of harmful cyber-threats; 2. vulnerabilities of the IT infrastructure and its processes; 3. vulnerabilities deriving from users' behaviour. Using a metric, the impact of a threat typical of a given infrastructure can be determined with a mathematical model. This metric is the probability that at least one threat successfully attacks at least one device in the IT infrastructure used by the given users. For the model to operate, all available information on the three cornerstones must be considered. Such information is the prevalence, the necessary hardware and software elements, or the required user activity. In the case of user behaviour, the most important characteristic is when and how the user uses the IT devices, and to what extent the user tends to open e-mail attachments or visit unknown web sites. In the case of the IT infrastructure, it is which hardware or software elements are present or absent and how they affect the operation of the observed harmful code. This, obviously, relates to the protection systems installed on the devices of the IT infrastructure. Using our mathematical approach, the integrated vulnerability is decomposed and distributed to the contributing elements of individual user susceptibility, individual IT infrastructure elements, and the individual protecting cybersecurity services and applications.
From the DVA results, vulnerability is quantitatively attributed to the various internal contributing components (e.g., user identities, ports, protocols, protection layers). This allows different contributing components to be assessed using comparable metrics (e.g., user security awareness vs. infrastructure patch condition vs. efficacy of anti-malware). DVA allows information security managers to pose "what if" queries and compare their results, to see the vulnerability reduction of various available options that might not otherwise be quantitatively comparable (e.g., investment in employee security awareness programs vs. hardening IT infrastructure vs. adding additional cybersecurity applications and services). The framework, formulae, and relevant examples of applying DVA to single-LAN and multiple-LAN enterprise networks are described. This paper describes our model, which is capable of determining the metric of threats. The paper includes the applied mathematical formulae to present the practical application of the model.

Item Type: Book Section
Additional Information: NETWORKSHOP 2018 Eger
Uncontrolled Keywords: cyber security, DVA, vulnerability metric, threat
Subjects: Q Science / természettudomány > QA Mathematics / matematika > QA75 Electronic computers. Computer science / számítástechnika, számítógéptudomány
Depositing User: Erika Bilicsi
Date Deposited: 27 Sep 2017 21:23
Last Modified: 19 Dec 2018 12:38
URI: http://real.mtak.hu/id/eprint/64071
