Towards the Intelligent Application of Security Controls

Bibliographic Details
Main Author: Yee, George O. M.
Format: Conference Proceeding
Language: English
Description
Summary: Today, attacks on sensitive data held by organizations and the resulting data breaches are unfortunately all too common. In response to these attacks the organization applies security controls (e.g., encryption) to secure its vulnerabilities. However, these controls are often applied haphazardly, without any idea of their reliability, or any guidance on how they should be applied to account for the priority of the vulnerabilities or a security control's effect on the overall security posture of the organization. This work derives a mathematical model linking the reliability of the security controls to the overall security level of the organization. The paper then combines this model with a method to prioritize vulnerabilities, allowing the organization to more intelligently apply security controls and reach its desired security level goal within negotiated budgetary constraints. The paper illustrates this approach using an application example.
ISSN: 2577-0993
DOI: 10.1109/RAMS48030.2020.9153668