Abstract
Systems security is essential for the efficient operation of all organizations. Indeed, most large firms employ a designated ‘Chief Information Security Officer’ to coordinate the operational aspects of the organization’s information security. Part of this role is in planning investment responses to information security threats against the firm’s corporate network infrastructure. To this end, we develop and estimate a vector equation system of threats to 10 important IP services, using industry standard SANS data on threats to various components of a firm’s information system over the period January 2003 – February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems’ defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.
Acknowledgements
We are grateful to Yacine Aït-Sahalia and Jean Jacod for the Matlab code used in the estimation procedure for the system described in Equations (19), (18) and (17); the full derivation of the estimator is provided on pages 45–47 of Aït-Sahalia et al (2010). The data and codes used in this paper are available from the authors’ websites.
Notes
1 See http://nvd.nist.gov
2 Port scanning is a technique whereby an attacker probes ports (access points) on a network. Early port scanning looked for open ports to access a part of the network; however, modern techniques involve actively probing for out-of-date port protection to exploit vulnerabilities in closed or encrypted ports.
3 In general, G(τ) need not be positive semi-definite, because of the existence of possible asymmetric responses in the intensity process. If G(τ) is positive semi-definite, then the resulting eigenvectors are the weights of a set of orthogonal processes that are interpretable as principal components.
4 The data, routines, and all the pivotal statistics for the parameter estimates are available from the authors’ webpage.