Title :
Cyber Security Risks Assessment with Bayesian Defense Graphs and Architectural Models
Author :
Sommestad, Teodor ; Ekstedt, Mathias ; Johnson, Peter
Abstract :
To facilitate rational decision making regarding cyber security investments, decision makers need to be able to assess expected losses before and after potential investments. This paper presents a model based assessment framework for analyzing the cyber security provided by different architectural scenarios. The framework uses the Bayesian statistics based extended influence diagrams to express attack graphs and related countermeasures. In this paper it is demonstrated how this structure can be captured in an abstract model to support analysis based on architectural models. The approach allows calculating the probability that attacks will succeed and the expected loss of these given the instantiated architectural scenario. Moreover, the framework can handle the uncertainties that are accompanied to the analyses. In architectural analysis there are uncertainties acquainted both to the scenario and its properties, as well as to the analysis framework that stipulates how security countermeasures contribute to cyber security.
Keywords :
Bayes methods; decision making; graph theory; investment; probability; risk management; security of data; Bayesian defense graph; Bayesian statistics based extended influence diagram; architectural model; cyber security investment; cyber security risk assessment management; decision maker; probability; Bayesian methods; Computer architecture; Computer security; Decision making; Information security; Investments; Management information systems; Risk management; Tree graphs; Uncertainty;
Conference_Titel :
System Sciences, 2009. HICSS '09. 42nd Hawaii International Conference on
Conference_Location :
Big Island, HI
Print_ISBN :
978-0-7695-3450-3
DOI :
10.1109/HICSS.2009.141
