IJIET 2011 Vol.1(3): 206-211 ISSN: 2010-3689
DOI: 10.7763/IJIET.2011.V1.34

ECAT: A CCSS-Based Tool for Enterprise-level System Configuring Automation and Assessment

Bin Wu and Andy Ju An Wang

Abstract—The Common Configuration Scoring System (CCSS) is a set of metrics to evaluate the security level of the severity of software security configuration issues. It is time consuming to generate a CCSS score for a computer system as it requires a large amount of manual operations to perform the evaluation on a machine. As a consequence, it is not practical for a system administrator to evaluate all the machines on an enterprise network one by one with CCSS metrics. This paper proposes a new approach to evaluate security configuration issues at enterprise level. Our solution provides a centralized management framework to remotely monitor and assess the security scores of individual machines on the network. Finally, we provide a set of well defined metrics to evaluate the security influence of the configuration issues at enterprise level. Experiments on a small e-commerce company have demonstrated the great potential of our solution and prototype tool.

Index Terms—ECAT, Enterprise-level Security, Security Metrics, Configuration Evaluation, CCSS.

Bin WU and Andy Ju An WANG, Southern Polytechnic State University, GA, USA

[PDF]

Cite: Bin Wu and Andy Ju An Wang, "ECAT: A CCSS-Based Tool for Enterprise-level System Configuring Automation and Assessment," International Journal of Information and Education Technology vol. 1, no. 3, pp. 206-211, 2011.

General Information

  • ISSN: 2010-3689 (Online)
  • Abbreviated Title: Int. J. Inf. Educ. Technol.
  • Frequency: Monthly
  • DOI: 10.18178/IJIET
  • Editor-in-Chief: Prof. Dr. Steve Thatcher
  • Executive Editor: Ms. Nancy Y. Liu
  • Abstracting/ Indexing: Scopus (Since 2019), EI(INSPEC, IET), EBSCO, Electronic Journals Library, Google Scholar, Crossref, etc.
  • E-mail: ijiet@ejournal.net