Network Security Risk Level Estimation Tool for Information Security Measure

摘要

Prevention is better than cure", in every way we can think of, Information security is not different. We all know networks are vulnerable, but we all don't know where and how; that's why risks assessment comes in. This paper designed and implemented a unified and intelligent tool for quantitative security risk level measurement of an organization. Development of Network Security Risk Level Estimation Tool (NSRLET) involves two steps; construction of vulnerability analysis database and measurement of security risk level of organization. Analysis of organization's network environment using automated tool resulted vulnerability database. For risk level estimation a new approach is proposed that identifies the probability of attacks in user's network environment. The proposed tool is evaluated in Vikram University Ujjain, India's computing environment for security risks measurement. The tool predicts the probability of exploit and computes the risk level to improve security of existing system and to minimize adverse effect from these probable exploits. The proposed approach for risk level estimation can be used to assess how much one should believe in system trustworthiness.