DocumentCode
3159628
Title
iMeasure Security (iMS): A Novel Framework for Security Quantification
Author
Vijayaraghavan, Vineeth ; Paul, Sanjoy
Author_Institution
SETLabs, Infosys Technol. Ltd., Bangalore, India
fYear
2009
fDate
27-29 Dec. 2009
Firstpage
414
Lastpage
421
Abstract
Given the dependence of today's business systems on a network of computers and servers, the need for security is paramount. Furthermore, with the ever-evolving nature of business, and the associated technology for supporting it, requirements for security are also evolving. Computers cannot protect information automatically. To guard information residing on the computers, security services and related technologies need to be applied. Security breaches are constantly changing, often at a speed that is difficult to measure. So security practices and procedures need to be reviewed, tested and upgraded on a constant basis, staying ahead of the game. One way of ensuring better security is to be able to measure its strength, and take steps to improve it in a continuous manner. Several standards are being developed that aim to certify the strength of a security system. However, these standards focus on qualitative evaluation of the security level of a system and do not consider either the dynamic aspects of user behavior or the possible vulnerabilities and threats the system may be subjected to. Consequently, there is a need for an alternative quantitative modeling approach for security assessment that overcomes the above-mentioned drawbacks of the existing systems. In this paper, we present an extensible framework called iMeasure Security (iMS) that is aimed at quantifying the security strength of an enterprise system and its business impact.
Keywords
commerce; computer network security; computer network; enterprise system; iMeasure security; network server; qualitative evaluation; quantitative modeling; security assessment; security quantification; security system; Business communication; Communication system security; Computer networks; Computer security; Information security; Network servers; Protection; Standards development; Testing; Velocity measurement; Attack graph; Business impact; Likelihood estimation; Security quantification;
fLanguage
English
Publisher
ieee
Conference_Titel
Networks and Communications, 2009. NETCOM '09. First International Conference on
Conference_Location
Chennai
Print_ISBN
978-1-4244-5364-1
Electronic_ISBN
978-0-7695-3924-9
Type
conf
DOI
10.1109/NetCoM.2009.77
Filename
5383971