CDT Technical Paper 02/14 Controls-Based Assessment of Infrastructure Vulnerability
نویسندگان
چکیده
Assessing the vulnerability of an enterprise’s infrastructure is an important step in judging the security of a network and the trustworthiness and quality of the information that flows through it. Currently real-world infrastructure vulnerability is often judged in an ad hoc manner, based on the criteria and experience of the assessors. While methodological approaches to assessing infrastructure vulnerability exist, in practice they are not academically rigorous, having grown organically to meet business requirements. Our aim in this paper therefore is to study infrastructure vulnerability from a more structured perspective. We introduce and explore a novel way of assessing computer network infrastructure vulnerability. Instead of attempting to find vulnerabilities in infrastructure, we instead assume the network is insecure, and measure its vulnerability based on the controls that have (and have not) been put in place. We consider different control schemes for addressing vulnerability, and look at how one of them, namely the Council on Cyber Security’s Top 20 Critical Security Controls, can be
منابع مشابه
Exploring a Controls-Based Assessment of Infrastructure Vulnerability
Assessing the vulnerability of an enterprise’s infrastructure is an important step in judging the security of its network and the trustworthiness and quality of the information that flows through it. Currently, low-level infrastructure vulnerability is often judged in an ad hoc manner, based on the criteria and experience of the assessors. While methodological approaches to assessing an organis...
متن کاملUnderstanding and Developing a Threat Assessment Model
The wide development of the mobile Internet technology is creating the opportunity for companies to extensively utilise computer systems for the delivery of services. New business models, which rely on electronic payment systems, are emerging and each one is creating a vulnerability to the Critical National Information Infrastructure (CNII). The opportunity for deploying offensive information w...
متن کاملEarthquake Vulnerability and Seismic Risk Assessment of Bandar Abbas in South of Iran
Bandar Abbas (center of Hormozgan province) is the most important port city in the south of Iran because of its historical places, cultural, economic, social and political importance. High risk of earthquake occurrence in this city and its province indicates the necessity of surveying the seismic vulnerability of buildings. The object of this paper is collected from existing Buildings, compiled...
متن کاملInterdependencies Between Industrial Infrastructures: Territorial Vulnerability Assessment
Industrial activities are increasingly dependent on each other. Several recent events (e.g. Tsunami and earthquake in Japan in 2011) illustrate the consequences (e.g. humans, economic...) of interactions between industrial infrastructures. The state-of-the-art review focused mainly on the risk assessment and interdependencies between critical infrastructures. The aim of this paper is to present...
متن کاملUnderstanding the Effect of Interdependency and Vulnerability on the Performance of Civil Infrastructure
Vulnerability is a measure of the extent to which a community, structure, services or geographic area is likely to be damaged or disrupted by the impact of particular hazard. Current asset management practices focuses on studying factors that affect performance of isolated infrastructure networks and model a set of actions to control the expected performance of these networks. This approach ign...
متن کامل