Product Description
This book examines different aspects of network security metrics and their application to enterprise networks. One of the most pertinent issues in securing mission-critical computing networks is the lack of effective security metrics, which this book discusses in detail. Since “you cannot improve what you cannot measure”, a network security metric is essential to evaluating the relative effectiveness of potential network security solutions.
The authors start by examining the limitations of existing solutions and standards on security metrics, such as CVSS and attack surface, which typically focus on known vulnerabilities in individual software products or systems. The first few chapters of this book describe different approaches to fusing individual metric values obtained from CVSS scores into an overall measure of network security using attack graphs. Since CVSS scores are only available for previously known vulnerabilities, such approaches do not consider the threat of unknown attacks exploiting the so-called zero-day vulnerabilities. Therefore, several chapters of this book are dedicated to developing network security metrics especially designed for dealing with zero-day attacks, where the challenge is that little or no prior knowledge is available about the exploited vulnerabilities, and thus most existing methodologies for designing security metrics are no longer effective.
Finally, the authors examine several issues on the application of network security metrics at the enterprise level. Specifically, a chapter presents a suite of security metrics organized along several dimensions for measuring and visualizing different aspects of the enterprise cyber security risk, and the last chapter presents a novel metric for measuring the operational effectiveness of the cyber security operations center (CSOC).
Security researchers who work on network security or security analytics related areas seeking new research topics, as well as security practitioners including network administrators and security architects who are looking for state of the art approaches to hardening their networks, will find this book helpful as a reference. Advanced-level students studying computer science and engineering will find this book useful as a secondary text.