Information Security Continuous Monitoring (ISCM) for federal information systems and organizations

Dempsey, Kelley; Chawla, Nirali Shah; Johnson, Linda F.; Johnston, R. J.; Jones, Alicia Clay; Orebaugh, Angela; Scholl, Matthew; Stine, Kevin

doi:10.6028/nist.sp.800-137

Cited by 68 publications

(84 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Federal Information Processing Standards (FIPS) requirements demands implementation of a categorization [7], but does not require using any particular scale, thus risk comparison of users' systems is difficult.…”

Section: ) Security Requirements (Cr Ir Ar)mentioning

confidence: 99%

“…Examples of vulnerability specifications used by NVD are: vulnerability category, vendor name, product name, published vulnerability start and end dates, vulnerability update dates, vulnerability severity, access vector, and access complexity [7].…”

Section:  Vulnerabilities Database (Nvd)mentioning

confidence: 99%

“…After identifying these risks, the tools evaluate the potential impacts on the organization. Reference [7] states that SCM systems are aimed at closing the gap between the zero-day of identifying the vulnerability, until the moment the computer is loaded by a patch. www.ijacsa.thesai.org This paper describes the mechanisms of a new SCM framework that will produce better risk scores than current known systems.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Evaluating Confidentiality Impact in Security Risk Scoring Models

Weintraub¹

2016

ijacsa

View full text Add to dashboard Cite

Abstract-Risk scoring models assume that confidentiality evaluation is based on user estimations. Confidentiality evaluation incorporates the impacts of various factors including systems' technical configuration, on the processes relating to users' confidentiality. The assumption underlying this research is that system users are not capable of estimating systems' confidentiality since they lack the knowledge on the technical structure. According to the proposed model, systems' confidentiality is calculated using technical information of systems' components. The proposed model evaluates confidentiality based on quantitative metrics rather than qualitative estimates which are currently being used. Frameworks' presentation includes system design, an algorithm calculating confidentiality measures and an illustration of risk scoring computations.

show abstract

Section: ) Security Requirements (Cr Ir Ar)mentioning

confidence: 99%

Section:  Vulnerabilities Database (Nvd)mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Evaluating Confidentiality Impact in Security Risk Scoring Models

Weintraub¹

2016

ijacsa

View full text Add to dashboard Cite

show abstract

Section:  Continuous Monitoring System (Cms)mentioning

confidence: 99%

“…According to Federal Information Processing Standards (FIPS) 1995 [13], organizations assign their IT resources security importance measures based on component location in the environment, business function using it, and potential losses in case the component is damaged. U.S. government assigns every IT asset to a group of assets called a system.…”

Section: Existing Solutionsmentioning

confidence: 99%

Quantifying Integrity Impacts in Security Risk Scoring Models

Weintraub¹

2017

ijacsa

View full text Add to dashboard Cite

Abstract-Organizations are attacked daily by criminal hackers. Managers need to know what kinds of cyber-attacks they are exposed to, for taking defense activities. Attackers may cause several kinds of damages according to the knowledge they have on organizations' configuration and of systems' vulnerabilities. One possible result of attacks is damaging the database. Estimations of attacks' impacts on database integrity are not found in literature, besides intuitive managers' assessments. The aim of this work is defining a quantitative measure, which takes into consideration the known vulnerabilities threatening on database integrity and proving its feasibility. In this work a quantitative integrity impact measure is defined, formulated, illustrated and evaluated. The proposed measure is based on the real database configuration. The superiority of the measure over current practices is illustrated.

show abstract

Towards Fundamental Science of Cyber Security

Kott

2013

Advances in Information Security

View full text Add to dashboard Cite

Information Security Continuous Monitoring (ISCM) for federal information systems and organizations

Cited by 68 publications

References 0 publications

Evaluating Confidentiality Impact in Security Risk Scoring Models

Evaluating Confidentiality Impact in Security Risk Scoring Models

Quantifying Integrity Impacts in Security Risk Scoring Models

Towards Fundamental Science of Cyber Security

Contact Info

Product

Resources

About