Toward a Vulnerability Mitigation Model

This chapter demonstrates how the elements of a cybersecurity incident can be analysed systematically, and suggests an alternative way to mitigate the causes and consequences of such incidents. Cybersecurity incidents can be explained in terms of a sequence of elements linking the attacking agents to their objectives: the attacking agent uses tools to exploit vulnerabilities, causing actions on a specific target to obtain unauthorized results, achieving their objectives. Cyber security can be improved by stopping the flow of the attack by mitigating one or more elements that make up the process. Unfortunately, most of these elements have characteristics that limit the opportunities for mitigation. The least difficult element to mitigate is vulnerability. The current model of vulnerability mitigation has behaved for the corporate environment, which can pay for specialized tools and consulting. This is an excellent business model but inaccessible to the public. A new model is necessary to prevent cybersecurity incidents on a broader, more inclusive level. The main proposal for vulnerability mitigation is multisector cooperation to create an independent, trustworthy, and secure vulnerability database, based on a new vulnerability report protocol developed in accordance with researchers, companies, governments, and society. However, this proposal creates some social, political, and technical challenges.

Do vulnerability mitigation strategies influence firm performance: the mediating role of supply chain risk

PurposeCurrently, small and medium enterprises (SMEs) are facing different types of risk, and mitigating these risks is the primary concern for the emerging firms. This study intends to investigate “do vulnerability mitigation strategies (VMSs) predict firm performance (FP)”? Moreover, it explores the mediation mechanism of supply chain risk (SCR) in the association between VMSs and FP.Design/methodology/approachUsing a survey method, the authors recruited 355 textile SME entrepreneurs and tested their proposed model and hypotheses in AMOS.FindingsThe findings depict that all VMSs significantly minimize SCR, which subsequently enhances FP. Moreover, he atudy also identifies supply chain finance (SCF), a new VMS in the context of textile SMEs.Practical implicationsThe findings help SME officials to minimize SCR through proper implementation of VMSs in the firm's daily operations. SCF is strongly recommended to SMEs because it optimizes working capital and minimizes the risk of default.Social implicationsThis research supports SMEs to overcome vulnerabilities using VMSs and provide sustainable employment to individuals in the society.Originality/valueThis study reviews four VMSs and how these strategies simultaneously mitigate SCR and enhance SME performance in the emerging market context, which was skipped in the literature of supply chain management. Moreover, the study identifies SCF as a significant risk mitigation strategy for SMEs.

Security assessment framework for educational ERP systems

The educational ERP systems have vulnerabilities at the different layers such as version-specific vulnerabilities, configuration level vulnerabilities and vulnerabilities of the underlying infrastructure. This research has identified security vulnerabilities in an educational ERP system with the help of automated tools; penetration testing tool and public vulnerability repositories (CVE, CCE) at all layers. The identified vulnerabilities are analyzed for any false positives and then clustered with mitigation techniques, available publicly in security vulnerability solution repository like CCE and CWE. These mitigation techniques are mapped over reported vulnerabilities using mapping algorithms. Security vulnerabilities are then prioritized based on the Common Vulnerability Scoring System (CVSS). Finally, open standards-based vulnerability mitigation recommendations are discussed.