TY - GEN
T1 - Vulnerability assessment, remediation, and automated reporting
T2 - 16th IEEE International Conference on Intelligence and Security Informatics, ISI 2018
AU - Harrell, Christopher R.
AU - Patton, Mark
AU - Chen, Hsinchun
AU - Samtani, Sagar
N1 - Funding Information:
ACKNOWLEDGMENT This material is based upon work supported in part by the National Science Foundation (NSF) DUE-1303362 (Scholarship-for-Service) and SES-1314631 (Secure and Trustworthy Cyberspace).
Publisher Copyright:
© 2018 IEEE.
PY - 2018/12/24
Y1 - 2018/12/24
N2 - Scientific advances of higher education institutions make them attractive targets for malicious cyber-attacks. Modern scanners such as Nessus and Burp can pinpoint an organization's vulnerabilities for subsequent mitigation. However, the remediation reports generated from the tools often cause significant information overload while failing to provide actionable solutions. Consequently, higher education institutions lack the appropriate knowledge to improve their cybersecurity posture. In this study, we conduct a large-scale vulnerability assessment of 272 higher education institutions. From the results, we identified vulnerabilities that fail to provide comprehensive remediation strategies. Selected flaws are recreated and remediated in a virtual environment to develop enhanced, automated reporting mechanisms that provide succinct reports to enable the efficient vulnerability remediation. Our enhanced reports address 27.80% of vulnerabilities found in scanned higher education institutions.
AB - Scientific advances of higher education institutions make them attractive targets for malicious cyber-attacks. Modern scanners such as Nessus and Burp can pinpoint an organization's vulnerabilities for subsequent mitigation. However, the remediation reports generated from the tools often cause significant information overload while failing to provide actionable solutions. Consequently, higher education institutions lack the appropriate knowledge to improve their cybersecurity posture. In this study, we conduct a large-scale vulnerability assessment of 272 higher education institutions. From the results, we identified vulnerabilities that fail to provide comprehensive remediation strategies. Selected flaws are recreated and remediated in a virtual environment to develop enhanced, automated reporting mechanisms that provide succinct reports to enable the efficient vulnerability remediation. Our enhanced reports address 27.80% of vulnerabilities found in scanned higher education institutions.
KW - Higher education
KW - National Vulnerability Database
KW - Nessus
KW - Shodan
KW - Vulnerability assessment
UR - http://www.scopus.com/inward/record.url?scp=85061049838&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85061049838&partnerID=8YFLogxK
U2 - 10.1109/ISI.2018.8587380
DO - 10.1109/ISI.2018.8587380
M3 - Conference contribution
AN - SCOPUS:85061049838
T3 - 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018
SP - 148
EP - 153
BT - 2018 IEEE International Conference on Intelligence and Security Informatics, ISI 2018
A2 - Lee, Dongwon
A2 - Mezzour, Ghita
A2 - Kumaraguru, Ponnurangam
A2 - Saxena, Nitesh
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 9 November 2018 through 11 November 2018
ER -