Talks and Poster Presentations (with Proceedings-Entry):
E. Weippl, S. Fenz, A. Ekelhart:
"Fortification of IT security by automatic security advisory processing";
Talk: 22nd International Conference on Advanced Information Networking and Applications AINA 2008,
- 2008-03-28; in: "Proceedings of the 22nd International Conference on Advanced Information Networking and Applications",
IEEE Computer Society,
The past years have seen the rapid increase of security related incidents in the field of information technology. IT infrastructures in the commercial as well as in the governmental sector are becoming evermore heterogeneous which increases the complexity of handling and maintaining an adequate security level. Especially organizations which are hosting and processing highly sensitive data are obligated to establish a holistic company-wide security approach. We propose a novel security concept to reduce this complexity by automatic assessment of security advisories. A central entity collects vulnerability information from various sources, converts it into a standardized and machine-readable format and distributes it to its subscribers. The subscribers are then able to automatically map the vulnerability information to the ontological stored infrastructure data to visualize newly-discovered software vulnerabilities.The automatic analysis of vulnerabilities decreases response times and permits precise response to new threats and vulnerabilities, thus decreasing the administration complexity and increasing the IT security level.
Design, Management, Security
"Official" electronic version of the publication (accessed through its Digital Object Identifier - DOI)
Project Head A Min Tjoa:
Created from the Publication Database of the Vienna University of Technology.