Computer network attacks can take many forms, and any one attack may include many security events of different types. Security events are anomalous network conditions, each of which may degrade the security of a computer network. Security events include stealing confidential or private information; producing network damage through mechanisms such as viruses, worms, or Trojan horses; overwhelming the network's capacity in order to cause denial of service; and so forth.
Network security risk-assessment tools, i.e. “scanners,” may be used by a network manager to simulate an attack against computer systems via a remote connection. Such scanners can probe for network weaknesses by simulating certain types of security events that make up an attack. Such tools can also test user passwords for suitability and security. Moreover, scanners can search for known types of security events in the form of malicious programs such as viruses, worms, and Trojan horses.
One approach for predictively assessing network vulnerabilities is described in a doctoral thesis entitled A Domain Model for Evaluating Enterprise Security by Martin Carmichael, Colorado Technical University (Colorado Springs), September 2001. One implementation of this approach has involved calculating a metric for confidentiality by summing, over the various software processes running in an enterprise, i) the arithmetic sum of constants assigned based on network, security level, invokes, and Trojan characteristics, ii) the sum of constants assigned based on encryption, configuration, invokes, privileges, and authentication characteristics, multiplied by a weighting constant that reflects the relative impact of these characteristics on confidentiality, iii) a constant assigned based on the nature of the host, iv) a constant assigned based on the nature of technical controls (e.g., patch management or hard drive re-imaging), and v) a constant associated with administrative controls (e.g., security controls under ISO 17799). Values for integrity, audit and accountability were measured according to the same protocol, but different software characteristics (including the additional characteristics shown in Table 1) were multiplied by different weighting variables depending on their relative contribution to the risk metric at issue. Values for controls were assigned based on industry experience with the extent to which a control affected overall risk and/or on answers to surveys such as ISO 17799 and DITSCAP surveys.
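The confidentiality metric described above, as an added worked example that is not code from the page or from the Carmichael thesis. The lookup tables, the weighting constant (1.5), the two sample processes and the convention that a larger constant means a larger contribution to risk are all constructed assumptions; the thesis and the page give no actual values. The per-process formula is the one stated in the text, (i) + weight × (ii) + (iii) + (iv) + (v), and the enterprise metric is the sum over processes. The characteristic groups and weight are parameters, so the same function can evaluate integrity, audit or accountability once the characteristics from Table 1 and their weights are supplied.

```python
from dataclasses import dataclass

# All tables below are constructed for this example; the page gives no values.
# Convention (assumed): a larger constant means a larger contribution to risk.
GROUP_I_TABLES = {  # (i) network, security level, invokes, Trojan characteristics
    "network": {"isolated": 0, "internal": 1, "dmz": 2, "internet": 3},
    "security_level": {"high": 0, "medium": 1, "low": 2},
    "invokes": {"none": 0, "local": 1, "remote": 2},
    "trojan": {"no": 0, "yes": 3},
}
GROUP_II_TABLES = {  # (ii) encryption, configuration, invokes, privileges, authentication
    "encryption": {"strong": 0, "weak": 1, "none": 2},
    "configuration": {"hardened": 0, "default": 1, "unknown": 2},
    "invokes": {"none": 0, "local": 1, "remote": 2},
    "privileges": {"user": 0, "service": 1, "admin": 2},
    "authentication": {"mfa": 0, "password": 1, "none": 2},
}
HOST_TABLE = {"workstation": 1, "server": 2, "domain_controller": 3}          # (iii)
TECH_CONTROL_TABLE = {"patch_management_and_reimaging": 0,                     # (iv)
                      "patch_management_only": 1, "none": 2}
ADMIN_CONTROL_TABLE = {"iso17799_controls": 0, "partial": 1, "none": 2}        # (v)
CONFIDENTIALITY_WEIGHT = 1.5  # assumed weighting constant applied to group (ii)


@dataclass(frozen=True)
class SoftwareProcess:
    name: str
    characteristics: dict  # characteristic name -> observed value
    host: str
    technical_controls: str
    administrative_controls: str


def sum_constants(tables, characteristics):
    """Sum the constant for every characteristic named in `tables`.

    A value with no assigned constant is an assessment gap, not a zero, so it
    raises instead of silently lowering the risk figure.
    """
    total = 0
    for name, table in tables.items():
        value = characteristics[name]
        if value not in table:
            raise ValueError(f"no constant assigned for {name}={value!r}")
        total += table[value]
    return total


def process_risk(proc, group_i=GROUP_I_TABLES, group_ii=GROUP_II_TABLES,
                 weight=CONFIDENTIALITY_WEIGHT):
    """Risk contribution of one process: (i) + weight * (ii) + (iii) + (iv) + (v)."""
    return (sum_constants(group_i, proc.characteristics)
            + weight * sum_constants(group_ii, proc.characteristics)
            + HOST_TABLE[proc.host]
            + TECH_CONTROL_TABLE[proc.technical_controls]
            + ADMIN_CONTROL_TABLE[proc.administrative_controls])


def enterprise_risk(processes, **kw):
    """Enterprise-level metric: the sum of the per-process contributions."""
    return sum(process_risk(p, **kw) for p in processes)


def risk_breakdown(processes, **kw):
    """Per-process contributions, highest first, so the dominant processes stand out."""
    return sorted(((p.name, process_risk(p, **kw)) for p in processes),
                  key=lambda item: -item[1])


# Constructed sample inventory (hypothetical processes, not from the page).
WEB_APP = SoftwareProcess(
    name="web_app",
    characteristics={"network": "internet", "security_level": "medium",
                     "invokes": "remote", "trojan": "no", "encryption": "weak",
                     "configuration": "default", "privileges": "service",
                     "authentication": "password"},
    host="server", technical_controls="patch_management_only",
    administrative_controls="partial")

PAYROLL_DB = SoftwareProcess(
    name="payroll_db",
    characteristics={"network": "internal", "security_level": "high",
                     "invokes": "local", "trojan": "no", "encryption": "strong",
                     "configuration": "hardened", "privileges": "admin",
                     "authentication": "mfa"},
    host="server", technical_controls="patch_management_and_reimaging",
    administrative_controls="iso17799_controls")

SAMPLE_PROCESSES = [PAYROLL_DB, WEB_APP]

if __name__ == "__main__":
    for name, risk in risk_breakdown(SAMPLE_PROCESSES):
        print(f"{name:12s} {risk:6.1f}")
    print(f"{'enterprise':12s} {enterprise_risk(SAMPLE_PROCESSES):6.1f}")
```

With these tables the Internet-facing web application contributes 19.0 (group (i) 6, group (ii) 6 weighted to 9.0, host 2, controls 1 + 1) and the hardened payroll database 8.5, for an enterprise confidentiality figure of 27.5; passing a different `weight` or different characteristic tables evaluates the other metrics under the same protocol.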