Proceedings of the 13th International Conference on Computer Systems and Technologies 2012
DOI: 10.1145/2383276.2383291

Towards a security evaluation model based on security metrics

Cited by 2 publications (3 citation statements)
References 4 publications
“…3.0.1 Weighted Average. To compute weightings for security controls based on their contributions to the criteria outlined above, subject matter experts (SMEs) and stakeholders may set weightings based on the observations, experience and risk appetite [3,31]. For example, to weight Impact Im criterion based on prevention, detection, and response (P/D/R), SMEs and stakeholder can first set weightings for P/D/R themselves wp i = 0.5, wp d =0.25, and wp r =0.25 respectively, which means prevention is more important than detection/response for the given organisation.…”
Section: Control Scoring (mentioning)
confidence: 99%
“…The results are accompanied by detection type and modifiers. Different scenarios, methodology, and their constraints are described in their site 3 . The detection/protection capability of the product to particular attack substep is recorded as -no-detection/no-protection, an alert was raised, threat activity was observed in telemetry and/or needed to be correlated with other alerts to detect the activity, delay (manual, processing) in alert, host Interrogation was needed for detection, configuration change at detections or UX level was needed to identify the threat activity, and the residual artifact was recorded on the host for further analysis.…”
Section: Datasets (mentioning)
confidence: 99%
“…The method for determining indicators to rank enforcement of security services was adapted from [23,24]. The indicators for ranking enforcement of security services were excellent, good, fair and poor.…”
Section: (Iv) Determining Indicators For Ranking Enforcement Of Secur (mentioning)
confidence: 99%