Since the introduction of personal computing over the Internet, cyber-security has developed primarily as commercial services providing protection to organizations and individuals as customers of paid services. However, since the introduction of cloud-services and smartphones over a decade ago, this development has been radically altered. Effective cyber-security can no longer be provided as simplistic protective walls around trusted zones of computing (for organizations: isolated private corporate networks with secure network gateways; for individuals: stand-alone personal computers protected by locally-running anti-virus applications). These approaches have always assumed that cyber-threats do not originate from inside trusted zones. Increasingly, cybersecurity is more effectively achieved through detecting and mitigating vulnerabilities discovered through coordinated assessment of malware threats, user behaviors, and IT infrastructure weaknesses. Unlike the traditional focus on malware threats alone, this integrated approach treats the IT infrastructure and user behavior of each individual and each organization department separately. This distributed approach makes no assumptions about the origins of cyber-threats. In this paper, we examine the implications of using this distributed approach in the public sector. Particular emphasis is placed on aspects where the traditional framework of cyber-security as a commercial service can be usefully abandoned and replaced by more effective public sector practices. The recent evolution of the Digital Divide in Central and Eastern Europe has not been a simple story of those with less opportunity and access (old, poor, less educated) being able close the gap by “catching up” with those of greater opportunity and access (young, wealthy, well educated). Rather, the closing of the Digital Divide has been achieved more through the adoption of very different digital activities provided through very differently organized services – activities and services that require very different public sector approaches to cyber-security. These include new approaches to measuring citizen cyber-health; making citizens savvier about their personal cybersecurity; and providing more secure online public services.
In the digital age more and more services and data are available over the Internet. Companies and public organizations becoming increasingly vulnerable related to hacks and cyberattacks. In order to provide successful online services, effective security initiatives and targeted protections are necessary to mitigate security risks. Effective cybersecurity more than deploying firewalls and other security software (e.g. antivirus, intrusion detection/prevention systems.). Through risk assessment and risk management practices we can identify critical parts of information systems and can transform them into security tactics. Furthermore in the Distributed Vulnerability Assessment (DVA) model three factors are identified: (1) characteristics and prevalence of cyber-threats, (2) vulnerabilities of IT infrastructure and its components and processes, (3) vulnerabilities deriving from users’ behavior. In this paper, we examine and improve our mathematical model of Distributed Vulnerability Assessment. This model can be extended for using additional information and considerations. This paper also presents a practical method which can be applied to eGovernment infrastructure and services also to reduce the impact of malware attacks of the information system.
Distributed Vulnerability Assessment Electronic information systems are used in nearly every area of life today. Besides computers smart and IoT devices turn up. However, when IT systems are used online there are cyber-threats too. The so called cyber criminals can steal unauthorised data and credentials by means of malicious codes or can have a harmful effect on IT security. If we want to observe the protection of an IT system and infrastructure against threats we must consider several relevant relating parameters. Three factors are identified in the applied model of cyber-threats-Distributed Vulnerability Assessment (DVA): 1. characteristics and prevalence of harmful cyber-threats; 2. vulnerabilities of IT infrastructure and its processes; 3. vulnerabilities deriving from users' behaviour. Using a metric, the impact of a threat typical of a given infrastructure can be determined with a mathematical model. This metric means the probability of at least one threat attacking successfully at least one device in the IT infrastructure used by the given users. All available information must be considered in the case of the three cornerstones for the operation of the model. Such information is the prevalence, the necessary hardware and software elements or the demanded user activity. In the case of user behaviour, the most important characteristic is when and how the user uses the IT devices, to what extent he tends to open e-mail attachments or visit unknown web sites. In the case of IT infrastructure what hardware or software elements are present or absent and how they affect the operation of the observed harmful code. This, obviously, relates to the protection systems installed on the devices of the IT infrastructure. Using our mathematical approach, the integrated vulnerability is decomposed and distributed to the contributing elements of individual user susceptibility, individual IT infrastructure elements, and the individual protecting cybersecurity services and applications. From the DVA results, vulnerability is quantitatively attributed to the various internal contributing components (e.g., user identities, ports, protocols, protection layers). This allows different contributing components to be assessed using comparable metrics (e.g., user security awareness vs. infrastructure patch condition vs. efficacy of antimalware). DVA allows information security managers to pose and compare the results of "what if" queries to see the vulnerability reduction of various available options that might not otherwise be quantitatively comparable (e.g., investment in employee security awareness programs vs. hardening IT infrastructure vs. adding additional cybersecurity applications and services. The framework, formulae, and relevant examples of applying DVA to single LAN and multiple LAN enterprise networks are described.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
Contact Info
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Product
Resources
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Copyright © 2025 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.
