Working paper
Controls-based assessment of infrastructure vulnerability
- Abstract: Assessing the vulnerability of an enterprise’s infrastructure is an important step in judging the security of a network and the trustworthiness and quality of the information that flows through it. Currently, real-world infrastructure vulnerability is often judged in an ad hoc manner, based on the criteria and experience of the assessors. While methodological approaches to assessing infrastructure vulnerability exist, in practice they are not academically rigorous, having grown organically to meet business requirements. Our aim in this paper, therefore, is to study infrastructure vulnerability from a more structured perspective. We introduce and explore a novel way of assessing computer network infrastructure vulnerability. Instead of attempting to find vulnerabilities in infrastructure, we assume the network is insecure and measure its vulnerability based on the controls that have (and have not) been put in place. We consider different control schemes for addressing vulnerability, and look at how one of them, namely the Council on Cyber Security’s Top 20 Critical Security Controls, can be applied.
- Publication status: Not published
- Peer review status: Not peer reviewed
Authors
Contributors
- Institution: University of Oxford
- Research group: Cyber Security Centre
- Department: Computer Science
- Role: Contributor
- Funding agency for: Farnan, O
- Series: CDT technical paper
- Publication date: 2014-01-01
- Edition: Author's Original
- Paper number: 02/14
- Language: English
- UUID: uuid:6df16c74-d94c-4107-9105-d177377f4c88
- Local pid: ora:9977
- Deposit date: 2015-02-09
Terms of use
- Copyright holder: Farnan, O
- Copyright date: 2014