Advertisement

Check Your Blind Spot: A New Cyber-Security Metric for Measuring Incident Response Readiness

  • Benjamin AzizEmail author
  • Ali Malik
  • Jeyong Jung
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10224)

Abstract

This paper presents some ideas on defining and implementing a new Cyber-security risk metric for measuring the readiness of organisations, in terms of the availability of their resources, in dealing with new attack incidents launched against their infrastructures whilst recovering from ongoing incidents. Our new metric, the Mean Blind Spot, is defined as the average interval between the recovery time of an existing incident and the occurrence time of a new incident. It is therefore designed to capture those time intervals where the organisation is most vulnerable due to possible lack of available resources. We present an approach for implementing our new metric using open data on security incidents available from the VERIS community dataset.

Keywords

Blind Spot Specific Case Study Risk Metrics Security Incident Recorded Incident 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Black, P.E., Scarfone, K., Souppaya, M.: Cyber security metrics and measures. In: Voeller, J.G. (ed.) Wiley Handbook of Science and Technology for Homeland Security, Chap. 5, pp. 1–15. Wiley, London (2008)Google Scholar
  2. 2.
    Chew, E., Swanson, M., Stine, K., Bartol, N., Brown, A., Robinson, W.: Performance measurement guide for information security. Technical report 800–55 Revision 1, National Institute of Standards and Technology, July 2008Google Scholar
  3. 3.
    Hoo, K.J.S.: How Much is Enough? A Risk-Management Approach to Computer Security (2000)Google Scholar
  4. 4.
    The Center for Internet Security: CIS Security Metrics v1.1.0, November 2010Google Scholar
  5. 5.
    Kayworth, T., Whitten, D.: Effective information security requires a balance of social and technology factors. MIS Q. Executive 9(3) (2012). http://ssrn.com/abstract=2058035
  6. 6.
    Kwon, J., Ulmer, J.R., Wang, T.: The association between top management involvement and compensation and information security breaches. J. Inf. Syst. 27(1), 219–236 (2013). http://dx.doi.org/10.2308/isys-50339 Google Scholar
  7. 7.
    P-Lippmann, R., Riordan, J.F., Yu, T.H., Watson, K.K.: Continuous security metrics for prevalent network threats: introduction and first four metrics. Technical report ESC-TR-2010-099, Massachusetts Institute of Technology (2012)Google Scholar
  8. 8.
    Payne, S.C.: A guide to security metrics. Technical report SANS Security Essentials GSEC Practical Assignment, Version 1.2e, Escal Institute of Advanced Technologies, Inc. (The SANS Institute), June 2006Google Scholar
  9. 9.
    von Solms, B., von Solms, R.: From information security to. business security? Comput. Secur. 24(4), 271–273 (2005)CrossRefGoogle Scholar
  10. 10.
    Swanson, M., Bartol, N., Sabato, J., Hash, J., Graffo, L.: Security metrics guide for information technology systems. Technical report 800–55, National Institute of Standards and Technology, July 2003Google Scholar
  11. 11.
    International Telecommunication Union: A Cybersecurity indicator of risk to enhance confidence and security in the use of telecommunication/information and communication technologies. Technical report X.1208, International Telecommunication Union (2014)Google Scholar
  12. 12.
    Verendel, V.: Quantified security is a weak hypothesis: a critical survey of results and assumptions. In: Proceedings of the 2009 Workshop on New Security Paradigms Workshop, NSPW 2009, pp. 37–50. ACM, New York (2009)Google Scholar
  13. 13.
    VERIZON: The Vocabulary for Event Recording and Incident Sharing (VERIS). http://veriscommunity.net/, Accessed 21 Nov 2016
  14. 14.
    VERIZON: VERIS Community Database. http://vcdb.org/, Accessed 21 Nov 2016

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.School of ComputingUniversity of PortsmouthPortsmouthUK
  2. 2.Institute of Criminal Justice StudiesUniversity of PortsmouthPortsmouthUK

Personalised recommendations