Learning from Early Attempts to Measure Information Security Performance.
CSET'12: Proceedings of the 5th USENIX conference on Cyber Security Experimentation and Test(2012)
摘要
The rapid evolution of threat ecosystems and the shifting focus of adversarial actions complicate efforts to assure security of an organization's computer networks. Efforts to build a rigorous science of security, one consisting of sound and reproducible empirical evaluations, start with measures of these threats, their impacts, and the factors that influence both attackers and victims. In this study, we present a careful examination of the issue of account compromise at two large academic institutions. In particular, we evaluate different hypotheses that capture common perceptions about factors influencing victims (e.g., demographics, location, behavior) and about the effectiveness of mitigation efforts (e.g., policy, education). While we present specific and sometimes surprising results of this analysis at our institutions, our goal is to highlight the need for similar in-depth studies elsewhere.
更多查看译文
关键词
account compromise,adversarial action,careful examination,common perception,computer network,different hypothesis,large academic institution,mitigation effort,rapid evolution,reproducible empirical evaluation,early attempt,information security performance
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络