Title :
Application of Mean Time-to-Compromise and VEA-bility security metrics in auditing computer network security
Author :
Husni, Emir ; Kurniati, Yustika
Author_Institution :
Sch. of Electr. Eng. & Inf., Inst. Teknol. Bandung, Bandung, Indonesia
Abstract :
This study focuses on the application of security metrics to a computer network. Mean Time-to-Compromise (MTTC) metric and VEA-bility metric are selected for this study. MTTC is calculated using a set of equations based on the known vulnerabilities of the system. VEA-bility is selected because it uses CVSS that has a wide coverage of security aspects. The input data for both metrics are obtained from Nessus, a network security tool. Both metrics give numerical results which are simple to comprehend to average clients. The purpose of this study are to calculate MTTC and VEA-bility values of the network, to compare the security level of different network configurations, also to compare the feasibility and convenience of using both metrics. The results of the study can be used as recommendations for network security assessment and references to determine policies relating to computer network management.
Keywords :
computer network management; computer network security; CVSS; MTTC metric; Nessus; VEA-bility metric; VEA-bility security metrics; VEA-bility values; auditing; computer network management; computer network security; mean time-to-compromise metric; network configurations security level; network security assessment; network security tool; security aspects; system vulnerabilities; Buildings; Communication networks; Computer networks; Equations; Mathematical model; Measurement; Security; CVSS; Mean Time-to-Compromise; VEA-bility component; security audit; security metric;
Conference_Titel :
Telecommunication Systems Services and Applications (TSSA), 2014 8th International Conference on
DOI :
10.1109/TSSA.2014.7065960
