A General Framework to Understand Vulnerabilities in Information Systems
Firms and organizations are increasingly facing security issues related to vulnerabilities in their information systems. Firms, especially small and medium-sized enterprises, usually have very limited security resources and thus have difficulty understanding vulnerabilities and fixing them according...
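Main Authors: | Xiong Zhang, Haoran Xie, Hao Yang, Hongkai Shao, Minghao Zhu |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2020-01-01 |
Series: | IEEE Access |
Subjects: | Classification, information security, risk-level prediction, topic analysis, vulnerability |
Online Access: | https://ieeexplore.ieee.org/document/9130665/ |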
id | doaj-b67f47914d3d4c8bbd4cd9bf4f49a8de |
---|---|
record_format | Article |
spelling | doaj-b67f47914d3d4c8bbd4cd9bf4f49a8de; 2021-03-30T02:32:54Z; eng; IEEE; IEEE Access; 2169-3536; 2020-01-01; 8; 121858; 121873; 10.1109/ACCESS.2020.3006361; 9130665. A General Framework to Understand Vulnerabilities in Information Systems. Xiong Zhang [0] (https://orcid.org/0000-0001-5998-0216), Haoran Xie [1], Hao Yang [2], Hongkai Shao [3], Minghao Zhu [4] (https://orcid.org/0000-0001-6922-2056). [0] School of Economics and Management, Beijing Jiaotong University, Beijing, China; [1] Department of Computing and Decision Sciences, Lingnan University, Hong Kong; [2] School of Economics and Management, Beijing Jiaotong University, Beijing, China; [3] School of Economics and Management, Beijing Jiaotong University, Beijing, China; [4] School of Economics and Management, Beijing Jiaotong University, Beijing, China. Firms and organizations are increasingly facing security issues related to vulnerabilities in their information systems. Firms, especially small and medium-sized enterprises, usually have very limited security resources and thus have difficulty understanding vulnerabilities and fixing them accordingly. This study aims to build a general framework that can help firms understand the characteristics of vulnerabilities in information systems: for instance, what category a specific vulnerability belongs to, what potential risks it poses, and what the key clues are to addressing it. To this end, we collect data on real vulnerabilities that have emerged in firms' information systems from a popular vulnerability report platform. Features are extracted at four different levels, namely, the word, phrase, topic, and record levels. The experimental results show that the general framework helps characterize the modes and patterns of various types of vulnerabilities. This study contributes to the security literature by providing a deeper understanding of the characteristics of vulnerabilities and their related suggested solutions. Firms can apply this framework to ensure information security. https://ieeexplore.ieee.org/document/9130665/. Classification; information security; risk-level prediction; topic analysis; vulnerability |
collection | DOAJ |