FST Seminar
Quantitative Approaches in Information Security Research
Speaker: Professor Andy Ju An Wang
Department of Information Technology
Southern Polytechnic State University
Date & Time: 19 Jun 2008 (Thursday) 16:00 - 17:00
Venue: NG05

Abstract

The importance of quantifying security attributes and mechanisms continues to grow as our society and infrastructures become more and more dependent on information security. Without well-defined security metrics, we cannot measure the success or failure of security policies, control mechanisms, or implementations, and thus we cannot improve them effectively. Metrics also help identify system vulnerabilities, provide guidance in prioritizing corrective actions, and raise the level of security awareness within an organization. Common security metrics are often qualitative, subjective, without a formal model, or too naive to be applied in the real world. This presentation will discuss the criteria for good security metrics, common metric properties, and how to establish quantitative and objective information security metrics. Many security issues are rooted in software defects, and software vulnerabilities jeopardize infrastructure operations, business operations and services, and consumer trust. This talk will therefore focus on quantitative approaches to measuring software vulnerabilities. An introduction to and comments on the recently released CVSS 2.0 (Common Vulnerability Scoring System) will be given, followed by further insights on security metrics and their applications in security automation and standardization. A prototype of an automated tool for measuring software vulnerabilities will be demonstrated.

Biography

Andy Ju An Wang is a Professor of Information Technology in the School of Computing and Software Engineering, Southern Polytechnic State University. His research interests center on information security and component-based software development. He obtained his BS, MS, and Ph.D., all in computer science, and has been teaching in various universities since 1982. In addition to being a widely published author of books and papers, he has served as CTO and founder and as a consultant for many IT companies. As the Department Chair, Dr. Wang established the information security curriculum and the Graduate Certificate Program in Information Security and Assurance, and he serves as the founding director of the Center of Information Security Education (CISE) at SPSU. Dr. Wang has broad interests in information systems security, information security models and metrics, component-oriented programming, embedded software engineering, and computer science education.

Faculty of Science and Technology (c) All Rights Reserved.