Title: Application of quantitative security measurement model for prioritisation of vulnerability mitigation: a real case study

Authors: Anshu Tripathi; Umesh Kumar Singh

Addresses: Department of Information Technology, Mahakal Institute of Technology, Behind Air Strip, Dewas Road, Ujjain, India; Institute of Computer Science, Vikram University, Ujjain, India

Abstract: Vulnerability mitigation is one of the key processes of proactive security management. The increasing complexity of IT systems and sophistication of attacks, accompanied by a rising rate of vulnerability evolution, necessitate prioritisation of vulnerability mitigation. To this end, a metric-based quantitative security measurement model (QSMM) was proposed in Tripathi and Singh (2013) that measures the relative risk level of vulnerabilities and hosts in a network. The objective of the model is to assist the system administrator in automated and reasonable decision making for mitigation of the vulnerabilities present in a network. To evaluate the performance and effectiveness of the proposed model in a realistic network, the model was applied to the MIT campus network, which served as the testbed to demonstrate the efficacy of the model. This work presents a detailed account of this real case study and analyses the results.

Keywords: quantitative security measurement; security metrics; vulnerability mitigation; case study; security management; network security; campus networks.

DOI: 10.1504/IJICS.2016.080423

International Journal of Information and Computer Security, 2016 Vol.8 No.4, pp.309 - 329

Accepted: 02 Feb 2016
Published online: 22 Nov 2016
