• DocumentCode
    125644
  • Title

    A Scenario Method to Automatically Assess ICT Risk

  • Author

    Baiardi, Fabrizio ; Coro, Fabio ; Tonelli, Federico ; Sgandurra, Daniele

  • Author_Institution
    Dipt. di Inf., Univ. di Pisa, Pisa, Italy
  • fYear
    2014
  • fDate
    12-14 Feb. 2014
  • Firstpage
    544
  • Lastpage
    551
  • Abstract
    We present an assessment of ICT systems that merges a scenario approach and a Monte Carlo method. To automate the assessment, we have developed two tools. The first one builds a formal description of the vulnerabilities in the target system and of the attacks they enable. Starting from this description, the second tool consider each scenario of interest and it simulate several times how intelligent and adaptive threat agents compose these attacks to reach some goals. By collecting samples in these simulations, this tool returns a database to compute statistics of interest for the assessment, such as the success probability of the agents or their average impacts. After outlining the design of the tools, we discuss a test case to show how they are exploited in a real assessment to manage the corresponding risk.
  • Keywords
    Monte Carlo methods; multi-agent systems; security of data; ICT systems assessment; Monte Carlo method; adaptive threat agent; formal description; intelligent agent; target system vulnerabilities; Accuracy; Complexity theory; Computational modeling; Databases; Monte Carlo methods; Probability; Topology; Monte Carlo method; intelligent threat agent; risk assessment; vulnerability assessment; vulnerability scanning;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Parallel, Distributed and Network-Based Processing (PDP), 2014 22nd Euromicro International Conference on
  • Conference_Location
    Torino
  • ISSN
    1066-6192
  • Type

    conf

  • DOI
    10.1109/PDP.2014.105
  • Filename
    6787327
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=125644