Welcome to the InfoSci Platform
Risk Assessment and Real Time Vulnerability Identification in IT Environments

Risk Assessment and Real Time Vulnerability Identification in IT Environments

Laerte Peotta de Melo, Paulo Roberto de Lira Gondim
Copyright: © 2012 |Pages: 25
ISBN13: 9781613505076|ISBN10: 1613505078|EISBN13: 9781613505083
DOI: 10.4018/978-1-61350-507-6.ch009
Cite Chapter Cite Chapter

MLA

Peotta de Melo, Laerte, and Paulo Roberto de Lira Gondim. "Risk Assessment and Real Time Vulnerability Identification in IT Environments." Information Assurance and Security Technologies for Risk Assessment and Threat Management: Advances, edited by Te-Shun Chou, IGI Global, 2012, pp. 229-253. https://doi.org/10.4018/978-1-61350-507-6.ch009

APA

Peotta de Melo, L. & Gondim, P. R. (2012). Risk Assessment and Real Time Vulnerability Identification in IT Environments. In T. Chou (Ed.), Information Assurance and Security Technologies for Risk Assessment and Threat Management: Advances (pp. 229-253). IGI Global. https://doi.org/10.4018/978-1-61350-507-6.ch009

Chicago

Peotta de Melo, Laerte, and Paulo Roberto de Lira Gondim. "Risk Assessment and Real Time Vulnerability Identification in IT Environments." In Information Assurance and Security Technologies for Risk Assessment and Threat Management: Advances, edited by Te-Shun Chou, 229-253. Hershey, PA: IGI Global, 2012. https://doi.org/10.4018/978-1-61350-507-6.ch009

Export Reference

Mendeley
Favorite

Abstract

Contrary to static models of risk analysis, the authors propose a pro-active framework for identifying vulnerabilities and assessing risk in real-time. Instead of searching for vulnerabilities from an external point of view, where the information is obtained by simply exploring a digital asset (computational system composed of hardware and software), the authors propose that software agents (sensors) capable of providing application, configuration and location information be incorporated into assets. Any observed changes, such as physical location, software update or installation, hardware modifications, changes in security policy and others, will be immediately reported by the agent, in a pro-active manner, to a central repository. It is possible to assess risk in a certain environment comparing databases of rules and known vulnerabilities with information about each asset, collected by the sensors and stored in the central repository.

Request Access

You do not own this content. Please login to recommend this title to your institution's librarian or purchase it from the IGI Global bookstore.