Sciweavers

HICSS
2009
IEEE

Cyber Security Risks Assessment with Bayesian Defense Graphs and Architectural Models

14 years 4 months ago
Cyber Security Risks Assessment with Bayesian Defense Graphs and Architectural Models
To facilitate rational decision making regarding cyber security investments, decision makers need to be able to assess expected losses before and after potential investments. This paper presents a model based assessment framework for analyzing the cyber security provided by different architectural scenarios. The framework uses the Bayesian statistics based Extended Influence Diagrams to express attack graphs and related countermeasures. In this paper it is demonstrated how this structure can be captured in an model to support analysis based on architectural models. The approach allows calculating the probability that attacks will succeed and the expected loss of these given the instantiated architectural scenario. Moreover, the framework can handle the uncertainties that are accompanied to the analyses. In architectural analysis there are uncertainties acquainted both to the scenario and its properties, as well as to the analysis framework that stipulates how security countermeasures ...
Teodor Sommestad, Mathias Ekstedt, Pontus Johnson
Added 16 Aug 2010
Updated 16 Aug 2010
Type Conference
Year 2009
Where HICSS
Authors Teodor Sommestad, Mathias Ekstedt, Pontus Johnson
Comments (0)