Title :
Continuous Monitoring and Assessment of Cybersecurity Risks in Large Computing Infrastructures
Author :
Malik Shahzad Kaleem Awan;Peter Burnap;Omer Rana;Amir Javed
Author_Institution :
Sch. of Comput. Sci. &
Abstract :
The dynamic and increasingly stealthy techniques used by cyber criminals to target the critical computing infrastructure of an organization require an appropriate response mechanism on the part of the organization. Government agencies and regulatory bodies are imposing the requirements of risk assessments on a continuous basis. One important aspect of continuous risk monitoring is using a suitable risk scoring algorithm, which could help determine a risk score more efficiently. The existing risk scoring mechanism involves subjective and human-based qualitative inputs that are labour intensive and result in ambiguous and inconclusive results. We propose a new metric for measuring risk based on objective parameters extracted from real-time traffic logs. The metric has been validated using malicious traffic data pertaining to the seven most frequently occurring threats in a network environment. We demonstrate and discuss the suitability of the metric for continuous monitoring of risk by comparing it with a snapshot-based risk monitoring mechanism.
Keywords :
"Monitoring","Measurement","Software","Security","Organizations","Risk analysis","Standards organizations"
Conference_Title :
High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on
DOI :
10.1109/HPCC-CSS-ICESS.2015.224