Design and Implementation of a Self-growth Security Baseline Database for Automatic Security Auditing

  • Conference paper
Advances in Intelligent Systems and Applications - Volume 2

Part of the book series: Smart Innovation, Systems and Technologies (SIST, volume 21)

Abstract

As security consciousness rises, information security auditing has become an important issue. This makes the security audit baseline database a crucial research domain. In this paper, we propose a security baseline database that helps information security auditors maintain the security update patch baseline automatically, using the Microsoft knowledge base and an automatic audit process. A practical implementation demonstrates that the proposed structure is both useful and effective.


Corresponding author

Correspondence to Chien-Ting Kuo.

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kuo, CT., Ruan, HM., Chen, SJ., Lei, CL. (2013). Design and Implementation of a Self-growth Security Baseline Database for Automatic Security Auditing. In: Pan, JS., Yang, CN., Lin, CC. (eds) Advances in Intelligent Systems and Applications - Volume 2. Smart Innovation, Systems and Technologies, vol 21. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35473-1_19

  • DOI: https://doi.org/10.1007/978-3-642-35473-1_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35472-4

  • Online ISBN: 978-3-642-35473-1

  • eBook Packages: Engineering, Engineering (R0)
