This book examines different aspects of network security metrics and
their application to enterprise networks. One of the most pertinent
issues in securing mission-critical computing networks is the lack of
effective security metrics, which this book discusses in detail. Since
"you cannot improve what you cannot measure", a network security metric
is essential to evaluating the relative effectiveness of potential
network security solutions.
The authors start by examining the limitations of existing solutions and
standards on security metrics, such as CVSS and attack surface, which
typically focus on known vulnerabilities in individual software products
or systems. The first few chapters of this book describe different
approaches to fusing individual metric values obtained from CVSS scores
into an overall measure of network security using attack graphs. Since
CVSS scores are only available for previously known vulnerabilities,
such approaches do not consider the threat of unknown attacks exploiting
the so-called zero-day vulnerabilities. Therefore, several chapters of
this book are dedicated to developing network security metrics specifically
designed for dealing with zero-day attacks, where the challenge is that
little or no prior knowledge is available about the exploited
vulnerabilities, and thus most existing methodologies for designing
security metrics are no longer effective.
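To make the idea of fusing per-vulnerability CVSS scores into a network-level measure concrete, here is an added toy example (not code from the book or its authors). It assumes a small constructed attack graph, uses score/10 as a per-exploit success probability, and treats exploits as independent on an acyclic graph; it also shows how the resulting number lets two hardening options be compared.

```python
"""Toy attack-graph fusion of CVSS scores into one network-level probability.
Illustrative only; it is not the model from the book described above."""
from functools import lru_cache
from math import prod

# Constructed example network. Each exploit lists the conditions it needs,
# the condition it grants, and a CVSS base score (0-10).
# Assumption: score / 10 is used as the per-exploit success probability.
INITIAL = {"access(attacker)"}
EXPLOITS = {
    "ssh_host1": {"pre": ["access(attacker)"], "post": "user(host1)", "cvss": 7.5},
    "ftp_host1": {"pre": ["access(attacker)"], "post": "user(host1)", "cvss": 5.0},
    "db_host2":  {"pre": ["user(host1)"],      "post": "root(host2)", "cvss": 9.0},
}


def goal_probability(goal, exploits=EXPLOITS, initial=INITIAL):
    """Probability that an attacker reaches `goal`.

    An exploit succeeds with its CVSS-derived probability only if all of its
    preconditions hold; a condition holds if any exploit granting it succeeds
    (noisy-OR). Exploits are assumed independent and the graph acyclic.
    """
    @lru_cache(maxsize=None)
    def p_cond(cond):
        if cond in initial:
            return 1.0
        granting = [e for e, d in exploits.items() if d["post"] == cond]
        if not granting:
            return 0.0  # unreachable condition
        return 1.0 - prod(1.0 - p_exploit(e) for e in granting)

    @lru_cache(maxsize=None)
    def p_exploit(name):
        d = exploits[name]
        return (d["cvss"] / 10.0) * prod(p_cond(c) for c in d["pre"])

    return p_cond(goal)


def patched(exploits, *names):
    """Copy of the exploit set with the named vulnerabilities removed, so the
    metric can rank candidate patches by how much they lower goal probability."""
    return {e: d for e, d in exploits.items() if e not in names}


if __name__ == "__main__":
    print(round(goal_probability("root(host2)"), 4))  # 0.7875
    print(round(goal_probability("root(host2)", patched(EXPLOITS, "ssh_host1")), 4))  # 0.45
```

Patching ssh_host1 lowers the metric far more than patching ftp_host1 would, which is the kind of comparison a fused metric enables that an isolated CVSS score does not.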
Finally, the authors examine several issues in the application of
network security metrics at the enterprise level. Specifically, one
chapter presents a suite of security metrics organized along several
dimensions for measuring and visualizing different aspects of the
enterprise cyber security risk, and the last chapter presents a novel
metric for measuring the operational effectiveness of the cyber security
operations center (CSOC).
Security researchers working in network security or related security
analytics areas who are seeking new research topics, as well as security
practitioners including network administrators and security architects
who are looking for state-of-the-art approaches to hardening their
networks, will find this book helpful as a reference. Advanced-level
students studying computer science and engineering will find this book
useful as a secondary text.