TY - GEN
T1 - An approach to the automated determination of host information value
AU - Beaver, Justin M.
AU - Patton, Robert M.
AU - Potok, Thomas E.
PY - 2011
Y1 - 2011
N2 - Enterprise networks are comprised of thousands of interconnected computer hosts, each of which is capable of creating, removing, and exchanging data according to the needs of their users. Thus, the distribution of high-value, sensitive, and proprietary information across enterprise networks is poorly managed and understood. A significant technology gap in information security is the inability to automatically quantify the value of the information contained on each host in a network. Such insight would allow an enterprise to scale its defenses, react intelligently to an intrusion, manage its configuration audits, and understand the leak potential in the event that a host is compromised. This paper outlines a novel approach to the automated determination of the value of the information contained on a host computer. It involves the classification of each text document on the host machine using the frequency of the document's terms and phrases. A host information value is computed using an enterprise-defined weighting schema and applying it to a host's document distribution. The method is adaptable to specific organizational information needs, requires manual intervention only during schema creation, and is repeatable and consistent regardless of changes in information on the host machines.
KW - cyber security risk management
KW - document classification
KW - host information value
KW - information asset profiling
KW - security informatics
UR - http://www.scopus.com/inward/record.url?scp=79961197940&partnerID=8YFLogxK
U2 - 10.1109/CICYBS.2011.5949398
DO - 10.1109/CICYBS.2011.5949398
M3 - Conference contribution
AN - SCOPUS:79961197940
SN - 9781424499069
T3 - IEEE SSCI 2011: Symposium Series on Computational Intelligence - CICS 2011: 2011 IEEE Symposium on Computational Intelligence in Cyber Security
SP - 92
EP - 99
BT - IEEE SSCI 2011
T2 - Symposium Series on Computational Intelligence, IEEE SSCI2011 - 2011 IEEE Symposium on Computational Intelligence in Cyber Security, CICS 2011
Y2 - 11 April 2011 through 15 April 2011
ER -