[nsp-sec] Questions: which factors should be considered to make a public network security index (indicator)?

Yonglin ZHOU yonglin.zhou at gmail.com
Tue Oct 21 22:43:13 EDT 2008


Hello colleagues!

Have you ever been asked how the internet security status is
now? Think of the asker as a) the minister of the ICT ministry
(government), b) the boss of a network operator, c) the boss of a critical
information infrastructure, d) a common internet user.

Yes, I have been asked many times. Since the asker is not very
familiar with network security technology and doesn't have more than 1
minute to listen to my technical explanation, my answer never sounds
impressive.

OK. Yesterday, I was told to give an even simpler model to describe the
network security conditions in a month. The model is supposed to work
out one or more indexes every day/month. Just by talking about the change of
the index value, I can explain the change of network security status
to the senior officer of the ICT ministry. Seems it is another good
chance to educate up. Good.

What vectors to consider?
1) Abnormal traffic? DDoS, P2P, abnormal change on some ports?
2) Number of victims controlled by botnets, trojan horses?
3) Number of web pages with malicious code?
4) Routing table incidents?
5) DNS hijack?
6) New vulnerability? Like the latest so-called TCP/IP vul?

What indexes should be part of the output?
1) The internet infrastructure running status (normal, dangerous, ...)
and potential threat level (low, normal, high, ...)
2) The risk level of information systems (bank, power, ...)
3) The risk level of common user PCs...
...

I'd like to hear your thoughts.

Many thanks,

Yonglin.




-- 
----------------- Enjoy the life --------------------
Yonglin ZHOU
Fixed line: +86 10 8299 0355  Fax: +86 10 8299 0399
Email: zyl at cert.org.cn,  yonglin.zhou at gmail.com
-------------------------------------------------------------------------


