International Journal of
Information and Education Technology

Editor-In-Chief: Prof. Jon-Chao Hong
Frequency: Monthly
ISSN: 2010-3689 (Online)
E-mali: editor@ijiet.org
Publisher: IACSIT Press
 

OPEN ACCESS
3.2
CiteScore

IJIET 2011 Vol.1(3): 206-211 ISSN: 2010-3689
DOI: 10.7763/IJIET.2011.V1.34

ECAT: A CCSS-Based Tool for Enterprise-level System Configuring Automation and Assessment

Bin Wu and Andy Ju An Wang

Abstract—The Common Configuration Scoring System (CCSS) is a set of metrics to evaluate the security level of the severity of software security configuration issues. It is time consuming to generate a CCSS score for a computer system as it requires a large amount of manual operations to perform the evaluation on a machine. As a consequence, it is not practical for a system administrator to evaluate all the machines on an enterprise network one by one with CCSS metrics. This paper proposes a new approach to evaluate security configuration issues at enterprise level. Our solution provides a centralized management framework to remotely monitor and assess the security scores of individual machines on the network. Finally, we provide a set of well defined metrics to evaluate the security influence of the configuration issues at enterprise level. Experiments on a small e-commerce company have demonstrated the great potential of our solution and prototype tool.

Index Terms—ECAT, Enterprise-level Security, Security Metrics, Configuration Evaluation, CCSS.

Bin WU and Andy Ju An WANG, Southern Polytechnic State University, GA, USA

[PDF]

Cite: Bin Wu and Andy Ju An Wang, "ECAT: A CCSS-Based Tool for Enterprise-level System Configuring Automation and Assessment," International Journal of Information and Education Technology vol. 1, no. 3, pp. 206-211, 2011.

Article Metrics in Dimensions

Menu