Measuring Security Practices

被引：1

作者：

DeKoven, Louis F. ^{[1
]}

Randall, Audrey ^{[1
]}

Mirian, Ariana ^{[1
]}

Akiwate, Gautam ^{[1
]}

Blume, Ansel ^{[1
]}

Saul, Lawrence K. ^{[1
]}

Schulman, Aaron ^{[1
]}

Voelker, Geoffrey M. ^{[1
]}

Savage, Stefan ^{[1
]}

机构：

[1] Univ Calif San Diego, San Diego, CA 92103 USA

来源：

COMMUNICATIONS OF THE ACM | 2022年 / 65卷 / 09期

关键词：

This work was supported in part by NSF grants CNS-1629973 and CNS-1705050; DHS grant AFRL-FA8750-18-2-0087; and the Irwin Mark and Joan Klein Jacobs Chair in Information and Computer Science;

D O I：

10.1145/3547133

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

Users are encouraged to adopt a wide array of technologies and behaviors to reduce their security risk. However, the adoption of these "best practices," ranging from the use of antivirus products to keeping software updated, is not well understood, nor is their practical impact on security risk well established. To explore these issues, we conducted a large-scale measurement of 15,000 computers over six months. We use passive monitoring to infer and characterize the prevalence of various security practices as well as a range of other potentially security-relevant behaviors. We then explore the extent to which differences in key security behaviors impact the real-world outcomes (i.e., that a device shows clear evidence of having been compromised).

引用

页码：93 / 102

页数：10

共 50 条

[1] Measuring Security Practices and How They Impact Security
DeKoven, Louis F.
Randall, Audrey
Mirian, Ariana
Akiwate, Gautam
Blume, Ansel
Saul, Lawrence K.
Schulman, Aaron
Voelker, Geoffrey M.
Savage, Stefan
[J]. IMC'19: PROCEEDINGS OF THE 2019 ACM INTERNET MEASUREMENT CONFERENCE, 2019, : 36 - 49
[2] Measuring user satisfaction with information security practices
Zimmermann Montesdioca, Gustavo Percio
Gastaud Magada, Antonio Carlos
[J]. COMPUTERS & SECURITY, 2015, 48 : 267 - 280
[3] Measuring Security
Bilbao, Alfonso
Bilbao, Enrique
[J]. 2013 47TH INTERNATIONAL CARNAHAN CONFERENCE ON SECURITY TECHNOLOGY (ICCST), 2013,
[4] Measuring Security
Stolfo, Sal
Bellovin, Steven M.
Evans, David
[J]. IEEE SECURITY & PRIVACY, 2011, 9 (03) : 60 - 65
[5] Measuring job security
Nardone, T
Veum, J
Yates, J
[J]. MONTHLY LABOR REVIEW, 1997, 120 (06) : 26 - 33
[6] Security Practices in DevOps
Rahman, Akond Ashfaque Ur
Williams, Laurie
[J]. SYMPOSIUM AND BOOTCAMP ON THE SCIENCE OF SECURITY, 2016, : 109 - 111
[7] Measuring Application Security
Horn, Christopher
D'Amico, Anita
[J]. ADVANCES IN HUMAN FACTORS IN CYBERSECURITY, AHFE 2018, 2019, 782 : 44 - 55
[8] Measuring systems security
Bayuk, Jennifer
Mostashari, Ali
[J]. SYSTEMS ENGINEERING, 2013, 16 (01) : 1 - 14
[9] SYSTEM SECURITY PRACTICES
不详
[J]. IEEE TRANSACTIONS ON POWER APPARATUS AND SYSTEMS, 1979, 98 (04): : 1147 - 1147
[10] Measuring management practices
Delis, Manthos D.
Tsionas, Mike G.
[J]. INTERNATIONAL JOURNAL OF PRODUCTION ECONOMICS, 2018, 199 : 65 - 77

← 1 2 3 4 5 →