During system development,implementation and operation,vulnerability database technique is necessary to system security;there are many vulnerability databases but a lack of quality standardization and general evaluati...During system development,implementation and operation,vulnerability database technique is necessary to system security;there are many vulnerability databases but a lack of quality standardization and general evaluation method are needed.this paper summarized current international popular vulnerability databases,systematically introduced the present situation of current vulnerability databases,and found the problems of vulnerability database technology,extracted common metrics by analyzing vulnerability data of current popular vulnerability databases,introduced 4 measure indexes:the number scale of vulnerabilities,the independence level,the standardization degree and the integrity of vulnerability description,proposed a method for vulnerability database quantitative evaluation using SCAP protocol and corresponding standard,analyzed a large number of vulnerabilities in current popular vulnerability database,quantitative evaluated vulnerability database by the law of normal distribution,the experimental results show this method has strong versatility and science,and it is beneficial to improve the quality and standardization construction for vulnerability database development.展开更多
This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends t...This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].展开更多
基金This work is supported by the National Key R&D Program of China under Grants 2017YFB 0802300The National Natural Science Fund(No.0901065614001).
文摘During system development,implementation and operation,vulnerability database technique is necessary to system security;there are many vulnerability databases but a lack of quality standardization and general evaluation method are needed.this paper summarized current international popular vulnerability databases,systematically introduced the present situation of current vulnerability databases,and found the problems of vulnerability database technology,extracted common metrics by analyzing vulnerability data of current popular vulnerability databases,introduced 4 measure indexes:the number scale of vulnerabilities,the independence level,the standardization degree and the integrity of vulnerability description,proposed a method for vulnerability database quantitative evaluation using SCAP protocol and corresponding standard,analyzed a large number of vulnerabilities in current popular vulnerability database,quantitative evaluated vulnerability database by the law of normal distribution,the experimental results show this method has strong versatility and science,and it is beneficial to improve the quality and standardization construction for vulnerability database development.
文摘This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].
