Title
Cyber Security Risks Assessment with Bayesian Defense Graphs and Architectural Models
Abstract
To facilitate rational decision making regarding cyber security investments, decision makers need to be able to assess expected losses before and after potential investments. This paper presents a model-based assessment framework for analyzing the cyber security provided by different architectural scenarios. The framework uses the Bayesian-statistics-based Extended Influence Diagrams to express attack graphs and related countermeasures. In this paper it is demonstrated how this structure can be captured in an abstract model to support analysis based on architectural models. The approach allows calculating the probability that attacks will succeed and the expected loss of these given the instantiated architectural scenario. Moreover, the framework can handle the uncertainties that accompany the analyses. In architectural analysis there are uncertainties associated both with the scenario and its properties, and with the analysis framework that stipulates how security countermeasures contribute to cyber security.
Year: 2009
DOI: 10.1109/HICSS.2009.141
Venue: HICSS
Keywords: cyber security risks, different architectural scenario, assessment framework, abstract model, analysis framework, architectural models, bayesian defense graphs, architectural model, cyber security investment, instantiated architectural scenario, cyber security, architectural analysis, security countermeasures, risk assessment
Field: Security engineering, Computer science, Computer security, Rational planning model, Influence diagram, Bayesian statistics, Security information and event management, Threat, Computer security model, Bayesian probability
DocType: Conference
Citations: 13
PageRank: 0.77
References: 20
Authors: 3
Name: Teodor Sommestad; Order: 1; Citations: 292; PageRank: 23.72
Name: Mathias Ekstedt; Order: 2; Citations: 634; PageRank: 49.70
Name: Pontus Johnson; Order: 3; Citations: 788; PageRank: 55.88