{"title":"复杂网络中的安全级别量化与基准测试","authors":"Vesselin Tzvetkov","doi":"10.1109/FUTURETECH.2010.5482774","DOIUrl":null,"url":null,"abstract":"Abstract- The security of complex networks with multiple elements is very difficult to evaluate and characterize by numbers. The interaction between the network elements, the different layer topologies and the numerous features makes the security quantification almost impossible. On the other side, the lack of security benchmarking is very problematic for the budget and invests allocation by companies. Numerical economical indexes for the costs and potential benefits are used to set the budgets. The security is not be quantified and it cannot be mapped to these economical indexes, thus the budget is not set objectively. This paper suggests a novel framework for quantification of network security, thus security benchmarking. The relative vector expresses the different layers, physical connections, operation risk, and human resources. The benchmark is relative and not absolute value, which is an indirect indication for the security. The relative security vector maps to economical values and helps the management to take the decisions. The suggested framework extends the common standards like ISO 27000, BSI, ITIL, which characterize single network elements or processes in corporations. This framework is the missing link between the security standards, subjective expert analysis and the monetary instruments. The benchmarking is not saying if a system is secured, then it gives a relative indirect comparison between systems.","PeriodicalId":380192,"journal":{"name":"2010 5th International Conference on Future Information Technology","volume":"55 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-05-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Security Level Quantification and Benchmarking in Complex Networks\",\"authors\":\"Vesselin Tzvetkov\",\"doi\":\"10.1109/FUTURETECH.2010.5482774\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Abstract- The security of complex networks with multiple elements is very difficult to evaluate and characterize by numbers. The interaction between the network elements, the different layer topologies and the numerous features makes the security quantification almost impossible. On the other side, the lack of security benchmarking is very problematic for the budget and invests allocation by companies. Numerical economical indexes for the costs and potential benefits are used to set the budgets. The security is not be quantified and it cannot be mapped to these economical indexes, thus the budget is not set objectively. This paper suggests a novel framework for quantification of network security, thus security benchmarking. The relative vector expresses the different layers, physical connections, operation risk, and human resources. The benchmark is relative and not absolute value, which is an indirect indication for the security. The relative security vector maps to economical values and helps the management to take the decisions. The suggested framework extends the common standards like ISO 27000, BSI, ITIL, which characterize single network elements or processes in corporations. This framework is the missing link between the security standards, subjective expert analysis and the monetary instruments. The benchmarking is not saying if a system is secured, then it gives a relative indirect comparison between systems.\",\"PeriodicalId\":380192,\"journal\":{\"name\":\"2010 5th International Conference on Future Information Technology\",\"volume\":\"55 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-05-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 5th International Conference on Future Information Technology\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/FUTURETECH.2010.5482774\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 5th International Conference on Future Information Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FUTURETECH.2010.5482774","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Security Level Quantification and Benchmarking in Complex Networks
Abstract- The security of complex networks with multiple elements is very difficult to evaluate and characterize by numbers. The interaction between the network elements, the different layer topologies and the numerous features makes the security quantification almost impossible. On the other side, the lack of security benchmarking is very problematic for the budget and invests allocation by companies. Numerical economical indexes for the costs and potential benefits are used to set the budgets. The security is not be quantified and it cannot be mapped to these economical indexes, thus the budget is not set objectively. This paper suggests a novel framework for quantification of network security, thus security benchmarking. The relative vector expresses the different layers, physical connections, operation risk, and human resources. The benchmark is relative and not absolute value, which is an indirect indication for the security. The relative security vector maps to economical values and helps the management to take the decisions. The suggested framework extends the common standards like ISO 27000, BSI, ITIL, which characterize single network elements or processes in corporations. This framework is the missing link between the security standards, subjective expert analysis and the monetary instruments. The benchmarking is not saying if a system is secured, then it gives a relative indirect comparison between systems.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
