Paper 56-Defining Network Exposure Metrics
Abstract—Organizations are exposed to cyber-attacks on a regular basis. Managers in these organizations use scoring systems to evaluate the risks of the attacks they are exposed to. Information security methodologies define three major security objectives: confidentiality, integrity and availability. This work focuses on defining new network exposure measures affecting availability. According to existing security scoring models, network exposure risks are assessed by assigning availability measures on an ordinal scale using users' subjective assessment. In this work quantitative, objective measures are defined and presented, based on the specific organizational network, thus improving the accuracy of the scores computed by the current security risk scoring models.

Keywords—Security; cyber-attack; risk scoring; vulnerability; exposure

This work focuses on risks to systems' availability. There are several definitions of availability. We use the definition of [5]: Availability is the capability of an information system to make information available, including all the logical and physical resources, and accessible whenever they are needed. Availability is usually evaluated using the MTBF and MTTF measures. Unavailability is used to measure the percentage of components that could be impacted by an attack on systems' components. Availability is the complement to 1 of that percentage. Current security risk models use an ordinal scale of three availability measures, High, Low and No impact on availability, assigned by organizations' users. In this work availability measures are assigned real numbers in the range [0..1]. The greater the proportion of vulnerable components, the higher the risk.
399 | P a g e
www.ijacsa.thesai.org
(IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 9, No. 4, 2018
changes is a complex recognized problem, but a common solution is still absent. This work defines new metrics based on the real-time network configuration and on the updated vulnerabilities of networks' components. The proposed metrics are based on three grounds: First, metrics are based on the knowledge concerning the characteristics of the attacked component within the actual configuration of the system. Second, risk calculations take into consideration the published history of actual vulnerabilities of the specific component. Third, the metrics are defined on a standard quantitative scale, enabling comparisons to other networks or to other internal or external configurations.

The rest of the paper is organized as follows: Section II describes current known existing solutions. Section III presents network exposure metrics and computations. Section IV presents an illustration example. Section V concludes and suggests future research directions.

II. EXISTING SOLUTIONS

External vulnerability databases are used by security risk scoring systems for evaluating the risks organizations are facing. There are several owners of vulnerability databases [1]. Two popular systems are the SANS Internet Storm Center services and the National Vulnerability Database (NVD). Risk scoring systems make use of various parameters for estimating vulnerabilities' impacts on the target organization. Risk scores are evaluated by running a scoring algorithm that uses the parameters for predicting potential attacks' damages. The Common Vulnerability Scoring System (CVSS) enables IT risk management professionals and researchers to characterize vulnerabilities and predict risks [1].

CVSS uses three groups of parameters: base, temporal and environmental. Each group is represented by compound parameters used for scoring computations. Base parameters represent the intrinsic characteristics of the vulnerability; temporal parameters represent the vulnerability's specifications that might change over time due to defense activities taken. Environmental parameters represent the characteristics of vulnerabilities as configured by the specific organization, considering potential damages to that organization when exploits are used by attackers. Base and temporal parameters are specified by the products' vendors, who have the best knowledge of their product. Environmental parameters are specified by the users, who have the best knowledge of their environments and of attacks' impacts on their organization.

For Availability Impact (AI) evaluation CVSS uses three parameters: two base parameters, 'Scope' and 'Availability', and one environmental parameter, 'Availability Requirement'. Scope refers to the ability of a vulnerability in one component to impact resources beyond its privileges; it is assigned the values 'unchanged' or 'changed'. The Availability parameter measures the impact on the availability of the impacted component resulting from a successfully exploited vulnerability. The Availability Requirement environmental parameter is assigned the values 'high', 'medium' or 'low'. Environmental parameters include three groups of parameters indicating security importance measures in the organization: 'Confidentiality Requirement', 'Integrity Requirement' and 'Availability Requirement'. 'Availability Requirement' represents the damage to the availability of the system in case of a successful attack on a component. Thus, no environmental parameter exists for measuring networks' exposure, which is the focus of this work. The environmental group of parameters enables customizing the CVSS score depending on the importance of the impacted IT asset to a user's organization. The full effect on the overall risk score is determined by the scoring algorithm by incorporating the base impact metrics into the environmental metrics, producing the overall security risk score. This work suggests adding the new environmental exposure impact measures into the computations of the availability measure. The availability measure is used for overall risk scoring computations.

All CVSS parameters are assigned ordinal qualitative values which are based on the knowledge of human experts. For example, the 'Availability Requirement' parameter is assigned the values High, Medium, Low, which do not differentiate between 0.99 availability and 0.999 availability; both are considered high. Also, one organization might assign a specific availability measure as high while another organization might assign the same availability to medium. Parameter values are not based on the specific characteristics of the network. The new suggested exposure measure will be quantitative, in contrast to current metrics.

According to [8] unavailability is not an option in today's ecosystems, given the heavy dependence of modern organizations on information resources. Availability is the least discussed and researched security attribute, although it is not the least important attribute. In fact, it plays an important role in determining the other attributes of security (confidentiality and integrity). According to [5] availability measurements should take into consideration the logical and physical resources, to enable accessibility whenever the information is needed. [8] describes the factors availability depends upon as software, hardware and network. A system might be exploited step by step by gaining access from the upper layers. Current models do not take those issues into consideration. The proposed model measures network exposure to the actual known vulnerabilities. The model considers network components' exposure specifically and evaluates network exposure by considering components' interrelationships.

According to Federal Information Processing Standards (FIPS) 199.5 [9], organizations assign their IT resources importance measures based on component location, the business function using it, and potential losses in case the component is damaged. For example, the U.S. government assigns every IT asset to a group of assets called a system. Every system must be assigned three "potential impact" ratings according to three security objectives, to represent the potential impact on the organization in case the system is compromised. Thus, every IT asset in the U.S. government has a potential impact rating with respect to security objectives. CVSS follows this general model but does not require organizations to use specific tools for assigning the impact ratings. In [10], the author states that organizations should define the specifications of security risks of their specific environment. The Department of State has implemented a scoring program called iPost that is intended to
provide continuous monitoring capabilities of information security risks for IT infrastructure. According to [11], the iPost scoring model does not define the base scores of CVSS to reflect the characteristics of its specific environment. This work presents a model aimed at closing this gap.

Quantification of the environmental parameters in the CVSS algorithm has recently been presented in research demonstrating improvements in the accuracy of risk scores by using the actual IT configuration [12]; incorporating the information relating to the actual IT components into the scoring algorithm metrics changes the risk scores to be objective rather than subjective measures [13]. Moreover, components' specifications are expressed at the high resolution of the smallest IT elements rather than as an overall configurational metric which shades smaller components' characteristics. Risk quantification is based on a configuration management database system (CMDB) which makes use of systems' metadata on the elementary components and their interrelationships according to security specifications (ibid). This paper continues the same line of research, aimed at improving risk scoring accuracy in relation to existing risk scoring models such as CVSS, by adding a quantitative metric rather than an ordinal subjective assessment and basing evaluations on the specific organization's configuration.

III. NETWORK EXPOSURE METRICS AND COMPUTATIONS

The proposed approach produces estimates of the risk of losing availability, meaning the risk of system malfunction or system failure. It gives both overall network measures and risk measures for single components. An information system consists of one computer operating many hardware/software components, or of a communication network consisting of many computers communicating with each other. The network is represented as a graph; components are represented by nodes. Links between nodes represent information passing between the connected nodes. Components represent hardware or software entities. Some definitions are now in order, to be used in further developments.

A. Definitions

Diameter – Minimal number of links between two points defined on the edge of the network or subnetwork.
Working nodes – Uncompromised nodes
Impacted nodes – Compromised nodes
Impacted link – A link having at least one compromised node.
M – Total number of impacted nodes
m – Number of impacted nodes having at least 2 directly neighboring impacted nodes
d – Maximal diameter of the network generated by the impacted (compromised) nodes
D' – Maximal total network diameter
D – Degree = Number of links emanating from a node
Dir – Number of impacted links emanating from a node
Sec – Number of links to risky nodes, which are still working but have direct links to impacted nodes.
W – The number of arcs connected to working nodes

For the reader's convenience we shortly repeat the definitions in the proposed availability measures. In case the organizational network is attacked, the following three network measures are suggested.

1) Damage%: Percentage of nodes impacted; range of values is [0 to 1]. This measure represents the damage to the whole network, calculated by computing the percentage of impacted nodes out of all nodes.

2) Dispersion: The ratio d/D' between d = maximal diameter of the impacted nodes and D' = maximal total network diameter; range of values is [0 to 1]. D' is the number of links in the maximal shortest path that connects between each pair of nodes, and d is the number of links in the maximal shortest path that connects between each pair of un-impacted neighbors of the impacted nodes.

3) Concentration: The ratio m/M between m = number of impacted nodes with at least 2 neighboring impacted nodes and M = total number of impacted nodes. Range of values is [0 to 1]. The measure represents the proportion of the seriously impacted nodes. A concentration of disconnected nodes signifies the severity of the impacts on systems' availability, possibly leading to situations of paralyzing the impacted area. Nodes connected to 2 or more impacted nodes might be disconnected more easily.

In case the organization is a node in a larger network, and in cases of measuring the exposure of a specific node in an organizational network, the following three node risk measures are proposed:

1) Directs: defined as Dir/D, where D is the node degree (number of arcs emanating from it) and Dir is the number of impacted direct links; range of values is [0 to 1]. This measure represents the proportion of the directly impacted links between the node and its neighboring nodes.

2) Seconds: defined as Sec/D, where D is the node degree (number of arcs emanating from it) and Sec is the number of links to working nodes having direct links to impacted nodes. The Seconds range of values is [0 to 1]. The measure represents the proportion of links to working nodes which have direct links to other impacted nodes. Those working nodes are now exposed to risks in case of a second forthcoming attack coming from an already attacked component, thus leading to a direct attack on the subject component.

3) Disconnection risk: defined as 1/W, where W is the number of arcs connected to working nodes (with the exception that when this number is zero (disconnection), W = 1). Thus, when only one arc is connected to a working node, Disconnection risk = 1; and when all arcs are connected to working nodes, Disconnection risk = 1/D (where D is the node degree). The measure represents the effort needed by an attacker who wishes to disconnect a node.
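The three network measures and three node measures defined above, implemented as an added example (not the paper's own code) on a small constructed 9-node graph rather than the paper's 20-node network; shortest paths are taken over the full graph, the reading under which the paper's Fig. 2 path 20-16-13-9-4 crosses failed nodes, and restoration_options goes one step beyond the definitions by recomputing the network measures after restoring one candidate node at a time.

```python
"""Section III network exposure measures on an undirected graph.
Added example, not the paper's code. The 9-node graph and impacted set below are
constructed (not Fig. 1/Fig. 2). Shortest paths run over the full graph, so
impacted nodes still relay, as in the paper's Fig. 2 path 20-16-13-9-4."""
from collections import deque
from fractions import Fraction
from typing import Dict, Hashable, Iterable, Set, Tuple

Graph = Dict[Hashable, Set[Hashable]]

def build_graph(edges: Iterable[Tuple[Hashable, Hashable]]) -> Graph:
    """Adjacency sets for an undirected graph; every endpoint becomes a node."""
    g: Graph = {}
    for a, b in edges:
        g.setdefault(a, set()).add(b)
        g.setdefault(b, set()).add(a)
    return g

def hop_distances(g: Graph, src: Hashable) -> Dict[Hashable, int]:
    """Breadth-first hop counts from src to every reachable node."""
    dist = {src: 0}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        for v in g[u]:
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return dist

def max_shortest_path(g: Graph, nodes: Iterable[Hashable]) -> int:
    """Longest shortest path between any two of the given nodes (0 if fewer than 2)."""
    nodes = list(nodes)
    best = 0
    for i, a in enumerate(nodes):
        dist = hop_distances(g, a)
        for b in nodes[i + 1:]:
            best = max(best, dist.get(b, 0))   # unreachable pairs contribute 0
    return best

def network_measures(g: Graph, impacted: Set[Hashable]) -> Dict[str, Fraction]:
    """Damage% = M/total nodes, Dispersion = d/D', Concentration = m/M."""
    big_d = max_shortest_path(g, g)                    # D': whole-network diameter
    frontier = {v for u in impacted for v in g[u] if v not in impacted}
    small_d = max_shortest_path(g, frontier)           # d: over un-impacted neighbours
    big_m = len(impacted)                              # M
    m = sum(1 for u in impacted if len(g[u] & impacted) >= 2)
    return {
        "damage": Fraction(big_m, len(g)),
        "dispersion": Fraction(small_d, big_d) if big_d else Fraction(0),
        "concentration": Fraction(m, big_m) if big_m else Fraction(0),
    }

def node_measures(g: Graph, impacted: Set[Hashable], node: Hashable) -> Dict[str, Fraction]:
    """Directs = Dir/D, Seconds = Sec/D, Disconnection risk = 1/W (W taken as 1 when 0)."""
    if node in impacted or not g[node]:
        raise ValueError(f"node {node!r} is impacted or isolated; measures apply to linked working nodes")
    degree = len(g[node])                                  # D
    direct = len(g[node] & impacted)                       # Dir: links to impacted nodes
    working = g[node] - impacted
    second = sum(1 for v in working if g[v] & impacted)    # Sec: working nbrs next to impacted
    w = len(working)                                       # W
    return {
        "directs": Fraction(direct, degree),
        "seconds": Fraction(second, degree),
        "disconnection": Fraction(1, w or 1),
    }

def restoration_options(g: Graph, impacted: Set[Hashable], candidates: Iterable[Hashable]):
    """Network measures after restoring each candidate alone (one node at a time)."""
    return {c: network_measures(g, impacted - {c}) for c in candidates}

# Constructed example: 9 nodes, 12 links; nodes 2, 4 and 5 failed in the attack wave.
EXAMPLE_GRAPH = build_graph([(1, 2), (1, 3), (2, 3), (2, 4), (3, 5), (4, 5),
                             (4, 6), (5, 7), (6, 7), (7, 8), (4, 9), (5, 9)])
EXAMPLE_IMPACTED = {2, 4, 5}

if __name__ == "__main__":
    print("network:", network_measures(EXAMPLE_GRAPH, EXAMPLE_IMPACTED))
    for n in sorted(set(EXAMPLE_GRAPH) - EXAMPLE_IMPACTED):
        print(f"node {n}:", node_measures(EXAMPLE_GRAPH, EXAMPLE_IMPACTED, n))
    print("restore one of:", restoration_options(EXAMPLE_GRAPH, EXAMPLE_IMPACTED, [2, 4, 5]))
```

Node 9 in the constructed graph has only impacted neighbours, so it shows the W = 0 case (Disconnection risk = 1) that the definition treats specially.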
The proportion 1/W means that the attacker needs to disconnect W links: the higher W is, the higher the effort and the smaller the organization's disconnection risk.

IV. ILLUSTRATION EXAMPLE

The following case study illustrates the suggested measures, their computations, their meaning and effectiveness, and their importance. Fig. 1 describes an example network with 20 computerized nodes after a first wave of attacks which culminated with failures of nodes 14, 16, and 17.

[Fig. 1: diagram of the 20-node example network after attack wave 1; only the node labels 1 to 20 survived extraction.]

The 20 computer nodes network example with 3 impacted nodes (denoted by grey and dashed lines); dashed lines are communication lines disconnected due to the hackers' attack.

In Fig. 1 the network exposure measures are:

1) Damage %: Percentage of nodes impacted: 3/20 = 0.15.

2) Dispersion: The ratio d/D' = 3/5 = 0.6, where d, the diameter of the impacted nodes, is 3 and D', the network diameter, is 5.

3) Concentration: The ratio m/M = 3/3 = 1; the number of impacted nodes is 3 and each is connected to the other two.

To illustrate the node measures for Fig. 1, we chose to compute measures for nodes 20, 15, 9, 6, 3. For brevity we shall use "Directs" for directly impacted neighbors, "Seconds" for second-degree impacted neighbors, and "Arcs" for the degree of the non-impacted node.

For node 20: Directs = 3/4, Seconds = 1/4 (node 19 has "Directs" > 0), Disconnection risk = 1/1 = 1
For node 15: Directs = 2/6, Seconds = 3/6 (13, 18, 19 have "Directs" > 0), Disconnection risk = 1/4
For node 9: Directs = 1/5, Seconds = 1/5 (node 13 has "Directs" > 0), Disconnection risk = 1/4
For node 6: Directs = 1/8, Seconds = 3/8 (10, 11, 13 have "Directs" > 0), Disconnection risk = 1/7
For node 3: Directs = 0, Seconds = 0, Disconnection risk = 1/3

It follows that immediate risk is highest for node 20 with Directs = 3/4 (followed by node 15), while risk evolution potential is highest for nodes 15 and 6 with Seconds = 3/6 and 3/8, respectively, and disconnection risk is highest for node 20 (Disconnection risk = 1).

The example follows with hacker attack evolution as depicted in Fig. 2. Fig. 2 illustrates the example network with 20 computerized nodes after a second wave of attacks which culminated with failures of nodes 9, 13, 19 (in addition to the previously failed nodes 14, 16, and 17).

[Fig. 2: diagram of the 20-node example network after attack wave 2; only the node labels 1 to 20 survived extraction.]

Fig. 2. Computer Nodes Network after attack wave – 2.

The network exposure measures for Fig. 2 are:

1) Damage %: 6/20 = 0.3, twice the number in Fig. 1.

2) Dispersion: The diameter of the impacted nodes: 4/5 (the number of links in the maximal path that connects minimally between each pair of un-impacted neighbors of the impacted nodes), for example 20-16-13-9-4. A diameter of 4 is an increase from 3 in Fig. 1.

3) Concentration: The largest connected group of at least two neighboring impacted nodes = 6, which is as large as the number of impacted nodes = 6. So: 6/6 = 1.

To illustrate the node measures for Fig. 2, we compute measures for nodes 20, 15, 9, 6, 3. These can easily be compared to the measures for Fig. 1.

For node 20: Directs = 4/4, Seconds = 0, Disconnection risk = 1 (disconnected)
For node 15: Directs = 4/6, Seconds = 2/6 (12, 18 have "Directs" > 0), Disconnection risk = 1/2
For node 9: Impacted.
For node 6: Directs = 2/8, Seconds = 3/8 (5, 10, 11 have "Directs" > 0), Disconnection risk = 1/6
For node 3: Directs = 0, Seconds = 1/3 (node 6 has "Directs" > 0), Disconnection risk = 1/3

Thus, node 9 failed, node 20 is disconnected (Disconnection risk = 1), and node 15 faces high immediate and intermediate risk along with disconnection risk. Node 6 has immediate and intermediate risk exposure, but its disconnection is unlikely (Disconnection risk = 1/6). Finally, node 3 has small intermediate risk exposure (Seconds = 1/3).

Attack Evolution Analysis

Table I summarizes the node exposure metrics evolution along a two-wave attack. Analyzing node exposure evolution might help decision makers in planning their network mitigation activities. Looking at the Directs column might lead
to a decision to defend node 15, which has the highest direct-damage measure. Looking at the secondary-damage probability might lead to defending node 15, with the highest measure, but in case we have already decided to defend it, we might now decide to defend node 6. Looking at the disconnection column leads to the understanding that it would be reasonable to defend node 15, but if we have already defended it then we will defend node 3.

TABLE I. ATTACK EVOLUTION: 2-WAVES EXAMPLE

Node   Wave   Direct impact   Secondary impact   Disconnection
20     1      0.75            0.25               1
20     2      1               0                  1
15     1      0.33            0.50               0.25
15     2      0.67            0.33               0.50
9      1      0.20            0.20               0.25
9      2      impacted        impacted           impacted
6      1      0.125           0.375              0.14
6      2      0.25            0.125              0.17
3      1      0               0                  0.33
3      2      0               0.33               0.33

These measures help decision makers in prevention planning activities. For example, node 20 would be very interested in adding a link to node 15 or 12.

Moreover, the new measures could help in setting restoration priorities. The impacts of restoring alternative nodes can now be simulated. For example, suppose that the resources for restoration are limited to one node at a time. Comparing alternatives would be an efficient decision support tool. For example, in Fig. 2, comparing the restoration of node 16 to that of node 17 yields the following measures. A single restoration would change the number of impacted nodes from 6 to 5, and the impacts on network measures are relatively small:

For restoring node 16 – network measures: Damage % = 5/20; Dispersion = 4/5; Concentration = 4/6
For restoring node 17 – network measures: Damage % = 5/20; Dispersion = 4/5; Concentration = 5/6.

Thus, analyzing network exposure measures leads to a decision to restore node 16.

Let's see now the impacts on the neighboring nodes. The impact of restoration is always on specific neighboring nodes. So, for restoring node 16 vs. 17: the neighboring nodes of 16 and 17 are nodes 20 and 15. The measures for node 20 are the same, but for node 15 the measures are in favor of 16.

For node 20: Directs = 3/4 vs. 3/4, Seconds = 1 vs. 1, Disconnection risk = 1 vs. 1
For node 15: Directs = 3/6 vs. 4/6, Seconds = 3/6 vs. 2/6 (12, 18 have "Directs" > 0), Disconnection risk = 1/3 vs. 1/2

Thus, restoring node 16 (vs. restoring node 17) has smaller direct risk and higher secondary risk, but more arcs, meaning less disconnection risk. Thus, after analyzing both network exposure and node measures, it may be concluded that restoring node 16 has priority over node 17.

The standpoint of the authors of this paper is that current risk scoring models should be enhanced regarding all security objectives. The enhancements should be implemented in several phases: First, incorporating the real configurations' characteristics into the scoring model. Secondly, transforming all the parameters defined as inputs to the scoring model into quantitative measures reflecting the actual organization environment rather than ordinal subjective users' assessments. Thirdly, scoring models should define new metrics expressing all risk objectives, relating to a whole environment rather than a specific component. The models should define the characteristics of a whole network and all interrelationships between the network and each of its internal components. Current scoring models do not support modeling the characteristics of the whole network, as has been shown in this research dealing with the availability security measure. This is just one first example. The fourth phase should include metrics considering the time dimension, such as this paper suggests: measuring the development of damages caused to a network as a continuous attack spreads in the different zones of the network. Such time-related measures should incorporate more complex graph-theory models and prediction algorithms looking at the historical network changes.

V. CONCLUSIONS

This work presents a risk assessment model with a focus on new availability risk measures, measuring network security and node security, as part of an overall risk assessment. According to the proposed model, CVSS will use the new network exposure environmental parameters, which are evaluated using a new formula based on the configuration of the system. The new measures are quantitative, normalized to [0..1] and based on the actual networks' configuration. This is contrary to the existing models, which do not measure the impacts of network exposure on the overall risk but consider networks' configuration implicitly, relying on intuitive users' subjective assessment.

Regarding the practical use of the theoretical results, the model helps risk managers in assessing the damages caused to firms' components in occasions of cyber-attacks. Using the proposed model will enable predicting accurate measures of organizational damages, taking into consideration components' actual characteristics and the availability exposure of the network as an integrated entity. The suggested model enables efficient risk mitigation planning and improved defense for organizations. Risk managers will be able to assign risk budgets according to accurate and actual risk measures, thus focusing on the high-priority risks and preventing unnecessary budgets for low-order risks.
The new network exposure metrics enable customizing the CVSS score to the characteristics of the attacked IT asset, its interrelationships to other assets, and the exposure characteristics of the network, with respect to the damages to the user's organization. According to the proposed model, a formula assigns quantitative measures to exposures' impacts based on the actual updated vulnerabilities of the specific component. The proposed model outlines the structure of a CMS which uses the real organizational environment and components, and the processes which update the network exposure parameters with the planned and actual values. The framework enables getting accurate risk measures, thus enabling the organization to make better risk management decisions, allocating risk management budgets in proportion to the risks.

Limitations of the study are related to two issues: The first is the feasibility of managing a graph describing the real-time status of each component and its interrelationships to other components, including all security characteristics. Such a graph might be difficult to update at every attack or configuration change. The second limitation refers to the various connections possible between two nodes. It is reasonable to assume that not all connections enable transferring the cyber-attack to other nodes. It is possible to assume that there are connection types that do not transfer the attacker to other connected nodes. This issue is a limitation of the current model and also a research issue.

Further research directions are:

Designing ways of incorporating the new availability metrics in the CVSS framework.
Algorithm formalization, including complexity measure calculations.
Using more expressive graph models to represent varying node types and varying connections among network nodes. It is reasonable to assume that certain connections may have more impact on the damages caused to neighboring nodes.
Further development of the algorithm to calculate N-wave metrics, and measures predicting the N value at which the whole network will be paralyzed.
Research aimed at predicting attack evolution for decisions concerning mitigation activities for the long run of future attacks.

Future improvements may focus on building a full dashboard of system exposure metrics from its component measures.

More research is needed in studying the impacts of the various proposed network exposure measures on the overall security risk score.

REFERENCES

[1] P. Mell, K. Scarfone, S. Romanosky, "CVSS – Common Vulnerability Scoring System v3.0: Specification Document", FIRST Org, 2015.
[2] Y.F. Nũez, "Maximizing an organizations' security posture by distributedly assessing and remeding system vulnerabilities", IEEE International Conference on Networking, Sensing and Control, China, April 6-8, 2008.
[3] S. Tom, D. Berrett, "Recommended practice for patch management of control systems", DHS National Cyber Security Division Control Systems Security Program, 2008.
[4] A. Terje, R. Ortwin, "On risk defined as an event where the outcome is uncertain", Journal of Risk Research, Vol. 12, 2009.
[5] D. Khazanchi, A.P. Martin, "Information Availability", Handbook of Research on Information Security and Assurance, 2008.
[6] E. Weintraub, "Security Risk Scoring Incorporating Computers' Environment", International Journal of Advanced Computer Science and Applications (IJACSA), Vol. 7(4), April 2016.
[7] B. Carpenter, "The Internet Engineering Task Force. Overview, Activities, Priorities", IETF Report to ISOC BoT, Oct. 2006.
[8] S. Qadir, S.M.K. Quadri, "Information Availability: An insight into the most important Attributes of Information security", Journal of Information Security, pp. 185-195, 2016.
[9] K. Dempsey, N.S. Chawla, A. Johnson, R. Johnson, A.C. Jones, A. Orebaugh, M. Scholl, K. Stine, "Information security continuous monitoring (ISCM) for federal information systems and organizations", NIST, 2011.
[10] R. Sandhu, D. Ferraiolo, R. Kuhn, "The NIST Model for Role-Based Access Control: Towards A Unified Standard", George Mason Univ., 1999.
[11] A. Keller, S. Subramanian, "Best practices for deploying a CMDB in large-scale environments", Proceedings of the IFIP/IEEE International Conference and Symposium on Integrated Network Management, pages 732-745, IEEE Press, Piscataway, NJ, 2009.
[12] E. Weintraub, "Evaluating Damage Potential in Security Risk Scoring Models", International Journal of Advanced Computer Science and Applications (IJACSA), 7(5), 2016.
[13] E. Weintraub, Y. Cohen, "Security Risk Assessment of Cloud Computing Services in a Networked Environment", International Journal of Advanced Computer Science and Applications (IJACSA), 7(11), 2016, 79-90.