Computer vulnerability risk analysis.

Van Loggerenberg, Morne

04 June 2008

The discussions presented in this dissertation have been undertaken in answer to the need for securing the intellectual assets stored on computer systems. Computer vulnerabilities and their influence on computer systems and the intellectual assets they possess are the main focus of this research. In an effort to portray the influence of vulnerabilities on a computer system, a method for assigning a measure of risk to individual vulnerabilities is proposed. This measure of risk, in turn, gives rise to the development of the vulnerability risk status of a computer system. In short, vulnerability risk status is the total measure of risk a computer system is exposed to according to its vulnerabilities, at a certain point in time. A prototype was developed to create the vulnerability risk status of a computer system, which summarizes the purpose of the research in this dissertation. The discussions start with background information concerning the influence of the inherent vulnerabilities on computer systems. A conceptual model is proposed for achieving the creation of the vulnerability risk status of a computer system. Later chapters are concerned with categorizing all known vulnerabilities so that the main areas of vulnerability within a computer system can be identified. Different security technologies and tools are also evaluated to determine those that could aid the creation of vulnerability risk status. A security tool is selected and the generic, architectural elements are manipulated to allow the added functionality of vulnerability risk status. In conclusion, discussions are evaluated to determine whether the problem statements have been addressed and thoroughly resolved. / Eloff, J.H.P., Prof.

computer security

computer systems' risk assessment