A Review of Cyber-security Measuring and Assessment Methods for Modern Enterprises

Abstract

Regarding the huge spread of technology among individuals and enterprises, technologies and electronic communications  become one of the most important pillars of the operation of small and large enterprises alike, and the source of education and entertainment for individuals, this led to thinking about the risks of reliance on this technology and the impact on the economic index of enterprises market, reputation and the safety of individuals and enterprises, these fears forced the  experts and decision-makers to think about information security and develop new methods to measure and assess the level of protection of information and data in enterprises and privacy of individuals. This paper introducing a review of recent cyber-security measuring and assessment methodologies and tools based on industry best practices for the measure and assesses of network security and protection of a modern enterprise data network. The analysis is based on a study the methods for the measurement and assessment of information security at the physical and technical level, penetration testing and identification of weaknesses in the cyber-security system followed and policies used in modern enterprises. A comprehensive description of the strengths, weaknesses, and licensing conditions for tools is presented. Moreover, major security requirements associated with modern enterprises is discussed and analyzed to discover vulnerability in the existing systems and explain the potential impact of this vulnerability.