Dissertation/Thesis Abstract

Leveraging Publicly Available Data and Prediction Models to Minimize Future Cyber Vulnerabilities During COTS-Based System Design
by Chow, Raymond LiMing, D.Engr., The George Washington University, 2021, 94; 28411961
Abstract (Summary)

Addressing cybersecurity vulnerabilities is an essential component in thwarting cyber-attacks. Failure to apply patches and resolve vulnerabilities has contributed to many high-profile breaches and loss of profits. To mitigate this problem, current cybersecurity standards advocate the use of periodic scans to detect and resolve vulnerabilities, which requires continual patch management, a costly and time-consuming approach that occurs post system design and implementation. This study proposes a quantitative method to evaluate the cybersecurity vulnerability of similar COTS-based solutions at the onset of the system design phase by leveraging publicly available vulnerability data. The approach shifts cybersecurity consideration earlier in the system life cycle, providing decision makers with quantitative measures of the risks associated with product choices. Decision makers can utilize the information to choose designs that minimize the likelihood of future vulnerabilities in both number and severity, resulting in reduced sustainment costs. Unlike existing studies that focused on forecasting vulnerability counts, this paper emphasizes the use of cumulative severity scores aggregated at the solution/system level. The method is illustrated in this study via a hypothetical design effort involving COTS-based solutions for a web application system. Time series analysis was performed to select the solution with the lowest projected cyber vulnerability. Historical actuals were used to validate the forecasts, demonstrating the proposed method’s applicability.

Indexing (document details)
Advisor: Sarkani, Shahram; Mazzuchi, Thomas A.
Committee: Etemadi, Amir; Blackford, Joseph P.
School: The George Washington University
Department: Engineering Management
School Location: United States -- District of Columbia
Source: DAI-A 82/10(E), Dissertation Abstracts International
Source Type: DISSERTATION
Subjects: Engineering, Management, Computer science, Computer Engineering
Keywords: Commercial-Off-The-Shelf, Common Vulnerability Scoring System, Cybersecurity, System design, Time series forecast, Vulnerabilities
Publication Number: 28411961
ISBN: 9798597075235
Copyright © 2021 ProQuest LLC. All rights reserved.