Open Access
ARTICLE
A Framework for Systematic Classification of Assets for Security Testing
Sadeeq Jan1,*, Omer Bin Tauqeer1, Fazal Qudus Khan2, George Tsaramirsis2, Awais Ahmad3, Iftikhar Ahmad4, Imran Maqsood5, Niamat Ullah6
1 National Center for Cyber Security, Department of CS & IT, University of Engineering & Technology, Peshawar, Pakistan
2 Department of Information Technology, FCIT, King Abdulaziz University, Jeddah, Saudi Arabia
3 Dipartimento di Informatica (DI), Università Degli Studi di Milano Statale, Via Celoria 18, Milano, Italy
4 Department of Computer Science & IT, University of Engineering & Technology, Peshawar, Pakistan
5 Department of Software Engineering, University of Engineering & Technology, Mardan, Pakistan 6
University of Buner, Buner, Pakistan
* Corresponding Author: Sadeeq Jan. Email:
Computers, Materials & Continua 2021, 66(1), 631-645. https://doi.org/10.32604/cmc.2020.012831
Received 14 July 2020; Accepted 07 August 2020; Issue published 30 October 2020
Abstract
Over the last decade, a significant increase has been observed in the use
of web-based Information systems that process sensitive information, e.g., personal, financial, medical. With this increased use, the security of such systems
became a crucial aspect to ensure safety, integrity and authenticity of the data.
To achieve the objectives of data safety, security testing is performed. However,
with growth and diversity of information systems, it is challenging to apply security testing for each and every system. Therefore, it is important to classify the
assets based on their required level of security using an appropriate technique.
In this paper, we propose an asset security classification technique to classify
the System Under Test (SUT) based on various factors such as system exposure,
data criticality and security requirements. We perform an extensive evaluation of
our technique on a sample of 451 information systems. Further, we use security
testing on a sample extracted from the resulting prioritized systems to investigate
the presence of vulnerabilities. Our technique achieved promising results of successfully assigning security levels to various assets in the tested environments and
also found several vulnerabilities in them.
Keywords
Cite This Article
APA Style
Jan, S., Tauqeer, O.B., Khan, F.Q., Tsaramirsis, G., Ahmad, A. et al. (2021). A framework for systematic classification of assets for security testing. Computers, Materials & Continua, 66(1), 631-645. https://doi.org/10.32604/cmc.2020.012831
Vancouver Style
Jan S, Tauqeer OB, Khan FQ, Tsaramirsis G, Ahmad A, Ahmad I, et al. A framework for systematic classification of assets for security testing. Comput Mater Contin. 2021;66(1):631-645 https://doi.org/10.32604/cmc.2020.012831
IEEE Style
S. Jan et al., "A Framework for Systematic Classification of Assets for Security Testing," Comput. Mater. Contin., vol. 66, no. 1, pp. 631-645. 2021. https://doi.org/10.32604/cmc.2020.012831
Citations