Toward a Vulnerability Mitigation Model

José Eduardo M. S. Brandão
The Oxford Handbook of Cyber Security. Published 2021-11-04. DOI: 10.1093/oxfordhb/9780198800682.013.39 (https://doi.org/10.1093/oxfordhb/9780198800682.013.39)

Abstract

This chapter demonstrates how the elements of a cybersecurity incident can be analysed systematically, and suggests an alternative way to mitigate the causes and consequences of such incidents. Cybersecurity incidents can be explained in terms of a sequence of elements linking the attacking agents to their objectives: the attacking agent uses tools to exploit vulnerabilities, causing actions on a specific target to obtain unauthorized results, achieving their objectives. Cybersecurity can be improved by stopping the flow of the attack by mitigating one or more elements that make up the process. Unfortunately, most of these elements have characteristics that limit the opportunities for mitigation. The least difficult element to mitigate is vulnerability. The current model of vulnerability mitigation has worked for the corporate environment, which can pay for specialized tools and consulting. This is an excellent business model but inaccessible to the public. A new model is necessary to prevent cybersecurity incidents on a broader, more inclusive level. The main proposal for vulnerability mitigation is multisector cooperation to create an independent, trustworthy, and secure vulnerability database, based on a new vulnerability report protocol developed jointly with researchers, companies, governments, and society. However, this proposal creates some social, political, and technical challenges.