Original scientific paper
https://doi.org/10.24138/jcomss-2023-0128
A Methodology for Dynamic Security Risks Assessment in Interconnected IT Systems
Seraj Fayyad
; Al-Zaytoonah University of Jordan, Amman, Jordan
*
Ahmad Alkhatib
; Al-Zaytoonah University of Jordan, Amman, Jordan
Farhan Abdel-Fattah
; Al-Zaytoonah University of Jordan, Amman, Jordan
Hani Almimi
; Al-Zaytoonah University of Jordan, Amman, Jordan
* Corresponding author.
Abstract
The network of any IT system is subject to continuous changes, such as the addition of new nodes, software installations, and the emergence of new vulnerabilities. On the other hand, the importance of nodes within the IT system’s network varies due to various factors, impacting the severity of potential node exploitation. Additionally, the interconnected nature of the nodes means that the security of each node is interdependent on the others nodes. In this context, effective risk assessment methodologies that consider the factors which impact the security of the system are crucial. This paper introduces an innovative methodology that takes into account the aforementioned factors. The proposed approach evaluates vulnerabilities, interconnections, and dynamic changes to deliver a comprehensive and up-to-date security risk assessment. By employing this methodology, administrators gain better control over system security with dynamic evaluations that support well-informed decisions. Furthermore, the methodology facilitates risk assessment for specific nodes and enables the quantification of their security levels. Due to a thorough assessment, the proposed methodology empowers IT administrators to improve the overall security of the system.
Keywords
Risk assessment; Interconnections; Attack graph; IDS; node important degree; Security risks; Impact of changes; Quantifying security implications; Exploitability; Security control
Hrčak ID:
314240
URI
Publication date:
15.1.2024.
Visits: 725 *