Application of Mean Time-to-Compromise and VEA-bility security metrics in auditing computer network security

Author

Husni, Emir ; Kurniati, Yustika

Author_Institution

Sch. of Electr. Eng. & Inf., Inst. Teknol. Bandung, Bandung, Indonesia

fYear

2014

Firstpage

1

Lastpage

5

Abstract

This study focuses on the application of security metrics to a computer network. Mean Time-to-Compromise (MTTC) metric and VEA-bility metric are selected for this study. MTTC is calculated using a set of equations based on the known vulnerabilities of the system. VEA-bility is selected because it uses CVSS that has a wide coverage of security aspects. The input data for both metrics are obtained from Nessus, a network security tool. Both metrics give numerical results which are simple to comprehend to average clients. The purpose of this study are to calculate MTTC and VEA-bility values of the network, to compare the security level of different network configurations, also to compare the feasibility and convenience of using both metrics. The results of the study can be used as recommendations for network security assessment and references to determine policies relating to computer network management.

Keywords

computer network management; computer network security; CVSS; MTTC metric; Nessus; VEA-bility metric; VEA-bility security metrics; VEA-bility values; auditing; computer network management; computer network security; mean time-to-compromise metric; network configurations security level; network security assessment; network security tool; security aspects; system vulnerabilities; Buildings; Communication networks; Computer networks; Equations; Mathematical model; Measurement; Security; CVSS; Mean Time-to-Compromise; VEA-bility component; security audit; security metric;

fLanguage

English

Publisher

ieee

Conference_Titel

Telecommunication Systems Services and Applications (TSSA), 2014 8th International Conference on

Type

conf

DOI

10.1109/TSSA.2014.7065960

Filename

7065960