A Framework for Modeling Security Measures

A Framework for Modeling Security Measures - Proceedings of...

Info iconThis preview shows pages 1–2. Sign up to view the full content.

View Full Document Right Arrow Icon
A Framework for Modeling Security Measures Keith Harrison, Gregory White, The University of Texas at San Antonio [email protected], [email protected]} Abstract – In this paper we introduce a framework that provides a model for describing security measures and their relative effectiveness as well as importance. This model enhances computer security training and educational curriculum by providing experimental data and analysis to educators and students. Business environments will benefit from this model by enabling more cost effective allocation of scarce IT and security resources. Additional benefits include but are not limited to better development of operating systems, applications, and user interfaces. Index terms – Security, education, cyber defense competition, best practices, effectiveness I. INTRODUCTION In this paper we introduce a framework that provides a model of security measures and their effectiveness. The model provides both an overall effectiveness comparison and a priority level that should be considered in time critical situations. Our framework allows existing security best practices to be experimentally validated. Additionally, the model produced by the framework makes important contributions to security research. Educational environments will be able to use our model in order to focus their limited resources on the most effective security measures. Similarly, small businesses will be able to more efficiently allocate scarce resources to provide more cost effective security. Operating system and application designers will have the data needed to justify more secure default configurations, and be able to more effectively focus their efforts on the most critical security features. User interface designers will more accurately be able to determine what security settings are most critical and make these configuration options easier to understand and modify. II. RELATED WORK A survey of small business security tools and practices was performed at George Washington University (GWU) [1]. The purpose of this survey was to provide “insight into what works and what appears unused or ineffective.” The survey gathered information on access privilege management, management tool usage, technology tool usage, and security incidents. Relationships were identified between security incidents and access privilege policies, management tool usage, and technology tool usage. While the overall goals of this work are similar to our goals, our work is significantly different. The work from GWU focuses on identifying broad general relationships such as businesses with higher rates of past data loss are more likely to currently use backup software. The focus of our work is on the relative effectiveness of many more specific defenses against remote threats only. In the research performed at GWU, conclusions and
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Image of page 2
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 12/05/2009 for the course IT IS taught by Professor Arther during the Three '09 term at Queensland Tech.

Page1 / 6

A Framework for Modeling Security Measures - Proceedings of...

This preview shows document pages 1 - 2. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online