Reproducible modelling and simulating security vulnerability scanners evaluation framework towards risk management assessment of small and medium enterprises business networks

Ilias Chalvatzis; Dimitrios A Karras; Rallis C Papademetriou

首页> 外文期刊>Indian Journal of Science and Technology >Reproducible modelling and simulating security vulnerability scanners evaluation framework towards risk management assessment of small and medium enterprises business networks

【24h】

Reproducible modelling and simulating security vulnerability scanners evaluation framework towards risk management assessment of small and medium enterprises business networks

机译：可重复的建模与模拟安全漏洞扫描仪对中小企业企业网络风险管理评估的评价框架

获取原文

掌桥外文数据库（机构版） >>

开具论文收录证明 >>

文献代查 >>

页面导航

摘要
著录项
相似文献
相关主题

摘要

Objectives: Risk Management has been recognized as a critical issue in computer infrastructures, especially in medium to large scale organizations and enterprises. The goal of this research report is to provide a practical comprehensive virtual machine based framework for assessing the performance of vulnerability scanners applied to such enterprises, focused to small and medium size ones towards a risk evaluation analysis. Moreover, the purpose of this paper is to compare three of the most well-known free vulnerability scanners (Nessus, OpenVAS, Nmap Scripting Engine) with regards to how they can be used to systematise the process of Risk Assessment in an enterprise, based on the herein presented experimental evaluation framework involving virtual machine testing. Method: The proposed methodology is based on developing a framework for suitable setup and usage of virtual machines making risk analysis practical and being capable of comparing different vulnerability scanners. Findings: The herein developed framework is shown to be efficient with regards to comparison and selection of candidate risk analysis software with easily accessed and affordable infrastructure. Novelty: Although there might be few other similar comparisons of vulnerability scanners in the literature, the main herein contribution is the provision of a practical and above all easily reproducible framework for small business enterprises to establish proper selection procedures of such security software without spending a lot of money for expensive testing infrastructure.

机译：目标：风险管理已被认为是计算机基础设施中的一个关键问题，特别是在大型大规模组织和企业中。本研究报告的目标是提供一个实用的综合虚拟机基于虚拟机的框架，用于评估适用于此类企业的脆弱性扫描仪的性能，专注于中小小尺寸的体积朝向风险评估分析。此外，本文的目的是比较三个最着名的免费漏洞扫描仪（Nessus，Openvas，NMAP脚本发动机），了解它们如何用于系统地基于的企业中的风险评估过程。本文提出了涉及虚拟机测试的实验评估框架。方法：所提出的方法是基于开发适用的建立和使用虚拟机的框架，使风险分析实用，并且能够比较不同的漏洞扫描仪。调查结果：本文开发的框架被证明是为了对比较和选择候选风险分析软件的比较和选择，具有易于访问和经济的基础设施。新奇：虽然在文献中可能存在漏洞扫描仪的其他相似比较，但此处的主要贡献是提供实用的，高于所有容易可再现的小型企业的可重复框架，以建立这种安全软件的正确选择程序而不花很多昂贵的测试基础设施的金钱。

著录项

来源
《Indian Journal of Science and Technology》 |2020年第37期|共34页
作者
Ilias Chalvatzis; Dimitrios A Karras; Rallis C Papademetriou;
展开▼
作者单位

展开▼
收录信息
原文格式 PDF
正文语种
中图分类连续性出版物;
关键词
Vulnerability Scanningrisk assessmentnessusOpenVASNmap scripting engine;

机译：漏洞扫描仪评估issityusopenvasnmap脚本引擎;

相似文献

外文文献
中文文献
专利

1. Effectiveness of Security Control Risk Assessments for Enterprises: Assess on the Business Perspective of Security Risks [J] . Satyanandan B. Atyam Information security journal . 2010,第6期

机译：企业安全控制风险评估的有效性：从安全风险的业务角度评估
2. An economic model to evaluate information security investment of risk-taking small and medium enterprises [J] . Mayadunne Sanjaya, Park Sungjune International journal of production economics . 2016,第DECa期

机译：一种评估冒险型中小企业信息安全投资的经济模型
3. TRACING BUSINESS AND ENVIRONMENTAL EFFECTS OF ENVIRONMENTAL MANAGEMENT SYSTEMS - A STUDY OF NETWORKING SMALL AND MEDIUM-SIZED ENTERPRISES USING A JOINT ENVIRONMENTAL MANAGEMENT SYSTEM [J] . Jonas Ammenberg, Olof Hjelm Business Strategy and the Environment . 2003,第3期

机译：跟踪环境管理系统的业务和环境效果-使用联合环境管理系统对中小型企业进行网络研究
4. Towards a Thorough Evaluation Framework of Software Tools Suitable for Small and Medium Size Enterprises Focusing on Modelling and Simulating Business Processes [C] . Rallis C. Papademetriou, Dimitrios A. Karras International symposium on business modeling and software design . 2017

机译：建立适合中小型企业的软件工具全面评估框架，重点是建模和模拟业务流程
5. A Framework for Evaluation of Risk Management Models for HIPAA Compliance for Electronic Personal Health Information used by Small and Medium Businesses using Cloud Technologies [D] . Luna, Raymond Brett. 2018

机译：中小企业使用Cloud Technologies的HIPAA电子个人健康信息合规性风险管理模型评估框架
6. Promoting mental health in small-medium enterprises: An evaluation of the Business in Mind program [O] . Angela Martin, Kristy Sanderson, Jenn Scott, 2009

机译：促进中小型企业的心理健康：企业经营思想计划的评估
7. Towards a thorough evaluation framework of software tools suitable for small and medium size enterprises focusing on modelling and simulating business processes [O] . Papademetriou Rallis, Karras D. A. 2017

机译：建立适用于中小型企业的软件工具的全面评估框架，侧重于建模和模拟业务流程

Reproducible modelling and simulating security vulnerability scanners evaluation framework towards risk management assessment of small and medium enterprises business networks

摘要

著录项

相似文献

相关主题

期刊订阅