
Towards an efficient vulnerability analysis methodology for better security risk management

dc.contributor.author: Poolsappasit, Nayot, author
dc.contributor.author: Ray, Indrajit, advisor
dc.contributor.author: Ray, Indrakshi, 1966-, advisor
dc.contributor.author: McConnell, Ross M., committee member
dc.contributor.author: Jayasumana, Anura P., committee member
dc.date.accessioned: 2007-01-03T04:41:49Z
dc.date.available: 2007-01-03T04:41:49Z
dc.date.issued: 2010
dc.description.abstract: Risk management is a process that allows IT managers to balance between the cost of the protective measures and gains in mission capability. A system administrator has to make a decision and choose an appropriate security plan that maximizes the resource utilization. However, making the decision is not a trivial task. Most organizations have tight budgets for IT security; therefore, the chosen plan must be reviewed as thoroughly as other management decisions. Unfortunately, even the best-practice security risk management frameworks do not provide adequate information for effective risk management. Vulnerability scanning and penetration testing, which form the core of traditional risk management, identify only the set of system vulnerabilities. Given the complexity of today's network infrastructure, it is not enough to consider the presence or absence of vulnerabilities in isolation. Materializing a threat strongly requires the combination of multiple attacks using different vulnerabilities. Such a requirement is far beyond the capabilities of current-day vulnerability scanners. Consequently, assessing the cost of an attack or the cost of implementing appropriate security controls is possible only in a piecemeal manner. In this work, we develop and formalize a new network vulnerability analysis model. The model encodes, in a concise manner, the contributions of different security conditions that lead to system compromise. We extend the model with a systematic risk assessment methodology to support reasoning under uncertainty in an attempt to evaluate the vulnerability exploitation probability. We develop a cost model to quantify the potential loss and gain that can occur in a system if certain conditions are met (or protected). We also quantify the security control cost incurred to implement a set of security hardening measures.
We propose solutions for the system administrator's decision problems covering the area of the risk analysis and risk mitigation analysis. Finally, we extend the vulnerability assessment model to the areas of intrusion detection and forensic investigation.
dc.format.medium: born digital
dc.format.medium: doctoral dissertations
dc.identifier: Poolsappasit_colostate_0053A_10071.pdf
dc.identifier: ETDF2010100009COMS
dc.identifier.uri: http://hdl.handle.net/10217/40477
dc.language: English
dc.language.iso: eng
dc.publisher: Colorado State University. Libraries
dc.relation.ispartof: 2000-2019
dc.rights: Copyright and other restrictions may apply. User is responsible for compliance with all applicable laws. For information about copyright law, please see https://libguides.colostate.edu/copyright.
dc.subject: data security
dc.subject: security best practice
dc.subject: security
dc.subject: risk management
dc.subject: multi-objective optimization
dc.subject.lcsh: Computer security -- Management
dc.subject.lcsh: Cyberterrorism
dc.subject.lcsh: Information technology -- Risk management
dc.subject.lcsh: Computer networks -- Security measures
dc.title: Towards an efficient vulnerability analysis methodology for better security risk management
dc.type: Text
dcterms.rights.dpla: This Item is protected by copyright and/or related rights (https://rightsstatements.org/vocab/InC/1.0/). You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).
thesis.degree.discipline: Computer Science
thesis.degree.grantor: Colorado State University
thesis.degree.level: Doctoral
thesis.degree.name: Doctor of Philosophy (Ph.D.)

Files

Original bundle
Name: Poolsappasit_colostate_0053A_10071.pdf
Size: 2.52 MB
Format: Adobe Portable Document Format