Advanced Search
Back
10th Annual International Conference on Industrial Engineering and Operations Management

Critical analysis of software vulnerabilities through data analytics

Download PDF
Mastan Rao Parimi & Shekar Babu
Publisher: IEOM Society International
0 Paper Citations
1 Views
1 Downloads
Track: Cyber Security
Abstract

One of the main security risks in information technology (IT) is software vulnerability. The vulnerability when exploited by attacks, can cause catastrophic losses to the system. A lot vulnerabilities are explored and discovered in the computing system and these vulnerabilities have also increased multifold. The security vulnerabilities span across entire networks, large organisations and have to mitigated by information security engineers on a regular routine basis. One of the key challenges for Information Technology (IT) system administrators is how to tackle these vulnerabilities and more specifically which vulnerability to prioritize. All companies recognize the importance and need to prioritize these vulnerabilities. It is not only important to prioritize the vulnerabilities; it is imperative to utilize a vulnerability evaluation system. The significant role of the vulnerability evaluation system is to separate these vulnerabilities from each other through quantitative and qualitative methods. In this paper, we first review through both qualitatively and quantitatively the various vulnerabilities within an existing large global multinational company. We explore and analyze 30,000 various vulnerabilities across a 3-month time period. The 30,000 vulnerabilities are captured using an automated software from individual systems and the the network within the company. The software detects the vulnerabilities and the various characteristics associated with these vulnerabilities and assigns severity levels based on the severity of the vulnerability. The severity is assigned a score from 1 to 5, with 1 being least. The vulnerabilities captured span across 20 different lab environments, across different operating systems and these vulnerabilities are with various severity levels. The CVSS vulnerability scoring system was utilized for data from one of the biggest multinational company from within their environment. The researchers analyzed the various vulnerabilities using the various parameters of these vulnerabilities. The researchers analyzed and studied the various inherent patterns within the environment. Various variables were analyzed critically as part of the descriptive analytics. The vulnerabilities were analyzed across the labs. Then each lab was analyzed using variables like OS, various severity levels, IDs, status of vulnerabilities, CVSS scores, Access Vector, Attack Complexity, Confidentiality, Integrity, Availability, Exploitability, Systems, categories of systems, Ports, PCI,

Published in: 10th Annual International Conference on Industrial Engineering and Operations Management, Dubai, United Arab Emirates

Publisher: IEOM Society International
Date of Conference: March 10-12, 2020

ISBN: 978-1-5323-5952-1
ISSN/E-ISSN: 2169-8767

Related Research

The Impact of Intrusion Detection Systems Upon Healthcare Environments: A Research Review


11th Annual International Conference on Industrial Engineering and Operations Management


Published: 2021

Enhancing Cyber Security in the Philippine Academe: A Risk-Based IT Project Assessment Approach


11th Annual International Conference on Industrial Engineering and Operations Management


Published: 2021

Online Social Networks as Supporting Evidence for Digital Forensic Investigation: A Revised Model


11th Annual International Conference on Industrial Engineering and Operations Management


Published: 2021