Abstract—The Common Configuration Scoring System (CCSS) is a set of metrics for evaluating the severity of software security configuration issues. Generating a CCSS score for a computer system is time-consuming, because the evaluation requires a large number of manual operations on each machine. As a consequence, it is not practical for a system administrator to evaluate all the machines on an enterprise network one by one with CCSS metrics. This paper proposes a new approach to evaluating security configuration issues at the enterprise level. Our solution provides a centralized management framework to remotely monitor and assess the security scores of individual machines on the network. Finally, we provide a set of well-defined metrics to evaluate the security influence of the configuration issues at the enterprise level. Experiments on a small e-commerce company have demonstrated the great potential of our solution and prototype tool.
Index Terms—ECAT, Enterprise-level Security, Security Metrics, Configuration Evaluation, CCSS.
Bin WU and Andy Ju An WANG, Southern Polytechnic State University, GA, USA
Cite: Bin Wu and Andy Ju An Wang, "ECAT: A CCSS-Based Tool for Enterprise-level System Configuring Automation and Assessment," International Journal of Information and Education Technology, vol. 1, no. 3, pp. 206-211, 2011.