Addressing cybersecurity vulnerabilities is an essential component of thwarting cyber-attacks. Failure to apply patches and resolve vulnerabilities has contributed to many high-profile breaches and financial losses. To mitigate this problem, current cybersecurity standards advocate periodic scans to detect and resolve vulnerabilities, which in turn requires continual patch management, a costly and time-consuming activity that takes place after system design and implementation. This study proposes a quantitative method to evaluate the cybersecurity vulnerability of comparable COTS-based solutions at the onset of the system design phase by leveraging publicly available vulnerability data. The approach shifts cybersecurity consideration earlier in the system life cycle, providing decision makers with quantitative measures of the risk associated with product choices. Decision makers can use this information to choose designs that minimize the likelihood of future vulnerabilities in both number and severity, resulting in reduced sustainment costs. Unlike existing studies that focused on forecasting vulnerability counts, this paper emphasizes cumulative severity scores aggregated at the solution/system level. The method is illustrated via a hypothetical design effort involving COTS-based solutions for a web application system. Time series analysis was performed to select the solution with the lowest projected cyber vulnerability. Historical actuals were used to validate the forecasts, demonstrating the proposed method's applicability.
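The following is an added illustration of the workflow the abstract describes, not the dissertation's own model, code or data: per-product CVSS base scores are aggregated into an annual severity series for each candidate solution, a trend is fitted on the earlier years, the held-out final year is forecast and compared with the actual, and the solution with the lowest projected severity is selected. The product names, the two candidate solutions and every vulnerability record are constructed sample data (no real CVEs), and the least-squares linear trend is a stand-in for whatever time series model the dissertation uses.

```python
"""Solution-level cumulative CVSS severity forecast (added illustration, constructed data)."""
from collections import defaultdict
from statistics import mean

# Constructed sample records: (product, disclosure year, CVSS base score). Not real CVEs.
SAMPLE_VULNS = [
    ("webserver-A", 2016, 7.5), ("webserver-A", 2017, 5.3), ("webserver-A", 2017, 9.8),
    ("webserver-A", 2018, 6.1), ("webserver-A", 2018, 7.5), ("webserver-A", 2019, 8.8),
    ("webserver-A", 2019, 4.3), ("webserver-A", 2020, 9.8), ("webserver-A", 2020, 7.5),
    ("webserver-B", 2016, 5.0), ("webserver-B", 2017, 6.5), ("webserver-B", 2018, 5.3),
    ("webserver-B", 2019, 7.5), ("webserver-B", 2020, 6.1),
    ("dbms-X", 2016, 8.8), ("dbms-X", 2017, 7.2), ("dbms-X", 2018, 9.1),
    ("dbms-X", 2019, 8.1), ("dbms-X", 2020, 9.8),
    ("dbms-Y", 2016, 4.3), ("dbms-Y", 2017, 5.3), ("dbms-Y", 2018, 6.5),
    ("dbms-Y", 2019, 5.9), ("dbms-Y", 2020, 7.5),
]

# Hypothetical candidate solutions: each is the set of COTS products it is built from.
SOLUTIONS = {
    "solution-1": {"webserver-A", "dbms-X"},
    "solution-2": {"webserver-B", "dbms-Y"},
}


def annual_severity(vulns, products, years):
    """Sum CVSS base scores per year across every product in the solution.

    Returns one total per entry of `years`; a year with no records scores 0.0.
    Summing scores (rather than counting CVEs) is what makes the measure a
    severity aggregate at the solution level.
    """
    totals = defaultdict(float)
    for product, year, score in vulns:
        if product in products:
            totals[year] += score
    return [round(totals[y], 1) for y in years]


def fit_linear_trend(series):
    """Ordinary least squares line through (period index, value); returns (slope, intercept)."""
    n = len(series)
    xs = list(range(n))
    x_bar, y_bar = mean(xs), mean(series)
    sxx = sum((x - x_bar) ** 2 for x in xs)
    sxy = sum((x - x_bar) * (y - y_bar) for x, y in zip(xs, series))
    slope = sxy / sxx if sxx else 0.0
    return slope, y_bar - slope * x_bar


def forecast(series, horizon):
    """Project `horizon` future periods from the fitted trend, clipped at zero
    because aggregated severity cannot be negative."""
    slope, intercept = fit_linear_trend(series)
    n = len(series)
    return [max(0.0, slope * (n + h) + intercept) for h in range(horizon)]


def evaluate_solutions(vulns, solutions, train_years, holdout_years):
    """Fit on `train_years`, forecast `holdout_years`, and validate against actuals.

    Returns {solution: (projected_total, actual_total, mean_abs_error)}.
    """
    result = {}
    for name, products in solutions.items():
        train = annual_severity(vulns, products, train_years)
        actual = annual_severity(vulns, products, holdout_years)
        projected = forecast(train, len(holdout_years))
        mae = mean(abs(p - a) for p, a in zip(projected, actual))
        result[name] = (sum(projected), sum(actual), mae)
    return result


def pick_lowest_projected(evaluation):
    """Design decision rule: the solution with the lowest projected cumulative severity."""
    return min(evaluation, key=lambda name: evaluation[name][0])


if __name__ == "__main__":
    ev = evaluate_solutions(SAMPLE_VULNS, SOLUTIONS, [2016, 2017, 2018, 2019], [2020])
    for name, (proj, act, err) in ev.items():
        print(f"{name}: projected 2020 severity {proj:.1f}, actual {act:.1f}, MAE {err:.2f}")
    print("select:", pick_lowest_projected(ev))
```

The holdout year plays the role of the "historical actuals" in the abstract: a forecast that ranks the solutions correctly but with a large error on the holdout is a warning that the trend model, not the ranking, needs attention before the numbers are used for a design decision.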
Advisor: Sarkani, Shahram; Mazzuchi, Thomas A.
Committee: Etemadi, Amir; Blackford, Joseph P.
School: The George Washington University
School Location: United States -- District of Columbia
Source: DAI-A 82/10(E), Dissertation Abstracts International
Subjects: Engineering, Management, Computer science, Computer Engineering
Keywords: Commercial-Off-The-Shelf, Common Vulnerability Scoring System, Cybersecurity, System design, Time series forecast, Vulnerabilities
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved