MS in Computer Science (M.S.C.S.)
Degree Granting Department
Computer Science and Engineering
Xinming Ou, Ph.D.
Paul Rosen, Ph.D.
Jarred Ligatti, Ph.D.
BitSight, Botnet, Metrics, Sinkhole
In the field of cybersecurity, the top-level management make use of metrics to decide if the organization is doing well to protect itself from cyber attacks or is in tatters leaving itself susceptible against the vast threats looming around. Not only that but metrics are even used to measure the performance of the security team. The aim of this thesis is to show how economics is closely related to cybersecurity and how metrics play an important role in policy making of an organization. Furthermore, I scrutinize one of the leading security score providers for the way they detect botnet infection. Botnet infection is a part of compromised system group in their score card categories that amounts to 55\% of the total security score. So, it becomes essential for the security score providers to have the right method of grading a company since it will have an impact on how they use their resources to protect itself from outside threat and the insurance premium they pay to cover any successful cyber attacks. I have found out that the data on which the botnet infection vector is graded has false positives. I shed light on security analyst and security team on a whole in their role in making decisions according to the security score. It is even the duty of the security team to work ethically, that is, the aim should not be to improve the security score rather the aim should be to protect the organization from outside attacks and if it happens to increase the security rating then be it so.
Scholar Commons Citation
Ahmed, Jaleel, "Empirical Analysis of a Cybersecurity Scoring System" (2019). Graduate Theses and Dissertations.