All organizations face cyber-attacks. Organizations should be able to assess their ecosystem and predict attacks, because securing information is a critical factor. The cost impact of worms, viruses, and other malicious software is significant. This paper proposes a mathematical model to predict the impact of an attack based on significant factors that influence cyber security. This model also considers the environmental information required. It is generalized and can be customized to the needs of the individual organization.
The digital assets of any organization are under threat constantly. With threats gathering new dimensions, the organization is bound to allocate sufficient resources to mitigate cyber security threats. The Common Vulnerability Scoring System (CVSS) is a standard framework used by many organizations. The characteristics and impacts of IT vulnerabilities are communicated through this system.
The base group highlights the qualities of a vulnerability that are unchanged over time and across users. The temporal group covers the characteristics of a vulnerability over time, and the environmental group highlights the specific user environment.
CVSS establishes a common language in the IT community. The mathematical model proposed by this paper predicts the impact of an attack based on the significant factors that influence cyber security. These factors are arrived at by considering several historical data points and mathematically verifying their significance to the impact and characteristics of attacks.
Prediction models can be developed using statistical techniques to predict different project outcomes and interim outcomes. A process performance model adopts the concepts of probability.
This can also be explored further by building simulations. Output can be studied as a range and, depending on the predictions, midcourse corrections can be made and the model can be simulated again to predict the final outcome. It is thus a proactive model that helps the technical analyst to analyze the data and predict outcomes.
The CVSS score is greatly influenced by the vulnerabilities in the network and by the network traffic. The baseline data for these variables is shared by the infrastructure team with the quality team on a regular basis. For each network process, based on the network type and applications hosted, a logical grouping can be considered and organization values can be baselined. Technical analysts can then refer to this baseline organizational data when they start the network design process. As part of the process, they can also use these reference values to determine the upper and lower specification limits. These values will be available for each of the subprocess parameters. The technical analyst can then determine and analyze which vulnerabilities need to be controlled and select threshold values based on that.
What-if analysis is performed based on the different scenarios. For each scenario, vulnerability and network traffic values are assumed and provided as inputs to the model. The predicted outcome is then compared with the thresholds. It is not only about the mathematical model, but about how it can be put into practice. The technical analyst then has to look at the environmental constraints. Because the influencing factor values that the model uses to predict the CVSS score also affect project schedule and project cost, those need to be analyzed as well. These forecasts serve as alerts that action should be taken to mitigate the threat of cyber-attacks.
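The what-if procedure described above, as an added example that is not code or data from the paper. It assumes a linear model (score = b0 + b1 × vulnerabilities + b2 × traffic) fitted by least squares; the baseline rows, scenario values, and the 7.0 threshold are constructed for illustration.

```python
# Added example; baseline rows are constructed, not data from the paper.
# Each row: (open_vulnerabilities, traffic_mbps, observed_cvss_score)
BASELINE = [
    (10, 100, 3.5), (20, 150, 5.0), (40, 120, 5.4),
    (60, 200, 8.0), (30, 300, 8.5), (50, 80, 5.1),
]
HIGH_THRESHOLD = 7.0  # assumed organizational threshold

def solve(a, b):
    """Gauss-Jordan elimination with partial pivoting for a small system."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(m[r][c]))
        m[c], m[p] = m[p], m[c]
        for r in range(n):
            if r != c:
                f = m[r][c] / m[c][c]
                m[r] = [x - f * y for x, y in zip(m[r], m[c])]
    return [m[i][n] / m[i][i] for i in range(n)]

def fit(rows):
    """Least-squares fit of the assumed linear model via normal equations."""
    xs = [(1.0, v, t) for v, t, _ in rows]
    ys = [s for _, _, s in rows]
    xtx = [[sum(x[i] * x[j] for x in xs) for j in range(3)] for i in range(3)]
    xty = [sum(x[i] * y for x, y in zip(xs, ys)) for i in range(3)]
    return solve(xtx, xty)

def predict(coef, vulns, traffic):
    """Predicted score, clamped to the CVSS range 0.0-10.0."""
    raw = coef[0] + coef[1] * vulns + coef[2] * traffic
    return round(min(10.0, max(0.0, raw)), 1)

def what_if(coef, scenarios, threshold=HIGH_THRESHOLD):
    """Return (scenario, predicted_score, needs_action) per scenario."""
    results = []
    for name, vulns, traffic in scenarios:
        score = predict(coef, vulns, traffic)
        results.append((name, score, score >= threshold))
    return results

SCENARIOS = [  # constructed what-if inputs
    ("current", 20, 140), ("patch backlog grows", 70, 140),
    ("traffic doubles", 20, 280), ("both", 70, 280),
]
COEF = fit(BASELINE)
RESULTS = what_if(COEF, SCENARIOS)
```

Scenarios flagged `True` are the ones whose predicted score crosses the threshold and would trigger the preventive planning described in the text.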
Predicting CVSS scores helps in prioritizing vulnerabilities and remediating those with high risks. CVSS scores help customers understand the severity of vulnerabilities and manage the risks effectively, so software application vendors share CVSS scores with their customers. Some organizations even share vulnerability bulletins that give the date of the attack, systems affected, and patches performed. Thus, the CVSS prediction model is vital and should be used extensively by technical analysts. For every scenario, all the assumptions and associated risks should be documented by the analyst. A detailed attack prevention plan should be in place. At every step, the attack, its type, cause, and preventive action should be documented. To pinpoint the root cause, different analysis techniques should be used, such as the 5-why technique. After identifying the root cause, the next steps in terms of corrective and preventive actions should also be planned. The plan should be reviewed by technical experts so that improvements can be made.
Prediction models should not be a continuous activity. Technical analysts should use the model on an ongoing basis and also suggest shortcomings. Prediction models are statistical and simulative in nature. These models should help in simulating scenarios as well as determining outcomes. They can also model different variation factors and help the analyst with the predicted range or the variation of the outcomes.
Vulnerability and network traffic were selected as the influencing factors to predict the CVSS score. Based on the score, the technical analyst can analyze the impact and take necessary preventive actions. This model also considers the environmental information required. It is thus generalized and can be customized to the needs of the individual organization.