A Holistic Approach to Evaluate Cyber Threat

Several vulnerability databases and standards are currently available for assessing the degree of security of IT infrastructures in general. These standards focus on different aspects of the systems, while generally failing to provide support for holistic analyses a key aspect in ensuring a secure IT infrastructure. This work aims to address this gap by presenting a new methodology for evaluating the overall security risks of a networked system that adopts an ontology-based approach we presented in previous work. We leverage current security standards and databases, while also considering the human factors to build a broader and interconnected view. Our methodology is meant to achieve a more realistic picture of the network security, hence improving situation awareness for its administrators. To illustrate our approach, this paper brings a case study applying the new methodology to a few target networks. The proof of concept is meant to underscore the methodology’s effectiveness in assessing the security of the whole network.