Analysing the performance of security solutions to reduce vulnerability exposure window

Proceedings - Annual Computer Security Applications Conference, ACSAC

Volumn , Issue , 2008, Pages 33-42

  Beres, Yolanta ^a   Griffin, Jonathan ^a   Shiu, Simon ^a   Heitman, Max ^b   Markle, David ^b   Ventura, Peter ^b  

^a HEWLETT PACKARD LABORATORIES   (United States)

^b CITI

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER SIMULATION; INVESTMENTS; RISK ANALYSIS; SAFETY FACTOR; SECURITY SYSTEMS; STOCHASTIC MODELS; WINDOWS;

DECISION POINTS; EXPERIMENTAL SIMULATIONS; INTERNAL SECURITIES; LARGE ORGANIZATIONS; MATHEMATICAL MODELLING; MITIGATION MEASURES; PATCH MANAGEMENTS; POLICY CHANGES; POTENTIAL EXPOSURES; POTENTIAL RISKS; SECURITY INVESTMENTS; SECURITY SOLUTIONS; STOCHASTIC SIMULATIONS; THREAT ENVIRONMENTS; VULNERABILITY MANAGEMENTS;

RISK ASSESSMENT;

EID: 60649088249     PISSN: 10639527     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/ACSAC.2008.42     Document Type: Conference Paper

References (18)

1. R. Anderson, "Why information security is hard: An economic perspective", Proc. Of 17th Annual Computer Security Applications Conference, 2001.
2. th System Administration Conference, 2002.
3. G. Birtwistle, Demos - discrete event modelling on Simula, Macmillian, 1979.
4. P. Mell, S. Romanosky, "A Complete Guide to the Common Vulnerability Scoring System Version 2.0", 2007.
5. Demos2k. http://www.demos2k.org/
6. S. Frei, M. May, U. Fiedler, B. Plattner, "Large-Scale Vulnerability Analysis", Proc. of SIGCOMM'06 Workshops, September 2006.
7. L.A. Gordon, M.P. Loeb, "The Economics of Information Security Investment", ACM Transactions on Information and Systems Security, Vol. 5, No. 4, Nov 2002.
8. L.A. Gordon and M.P. Loeb, Managing Cybersecurity Resources: A Cost-Benefit Analysis, 2006.
9. Code of Practice for Information Management, ISO/IEC 17799:2000, Int'l Organization of Standartization.
10. W.A. Arbaugh, W.L. Fithem, J. McHugh, "Windows of Vulnerability: A Case Study Analysis", IEEE Computer, 2000.
11. B. Monahan, "DXM - The Demos eXperiments Manager", HP Labs Technical Report, 2008.
12. P. Mell and M. C. Tracy, "Procedures for Handling Security Patches", National Institute of Standards and Technology, August 2002.
13. A. Beautement, R. Coles, J. Griffin, C. Ioannidis, B. Monahan, D. Pym, A. Sasse, M. Wonham, "Modeling the Human and Technological Costs and Benefits of USB Memory Stick Security", WEIS 2008.
14. J. Griffin, B. Monahan, D. Pym, M. Wonham, M. Yearworth, "Assessing the Value of Investments in Network Security Operations: A Systems Analytics Approach", WEIS 2007.
15. D Pym, B Monahan, "A Structural and Stochastic Modelling Philosophy for Systems Integrity", HP Labs Technical Report, 2006.
16. B Schneier, "Managed Security Monitoring: Closing the Window of Exposure", Counterpane Internet Security.
17. Symantec Global Internet Security Threat Report: Trends for July-December 07, Volume XII, April 2008.
18. G. Zhang, Y. Tan, D. Dey, "Optimal Policies for Security Patch Management", under review.