DocumentCode
2560942
Title
Quantitative assessment of cyber security risk using Bayesian network-based model
Author
Mo, Sheung Yin Kevin ; Beling, Peter A. ; Crowther, Kenneth G.
Author_Institution
Dept. of Syst. Eng., Univ. of Virginia, Charlottesville, VA, USA
fYear
2009
fDate
24-24 April 2009
Firstpage
183
Lastpage
187
Abstract
This paper proposes a quantitative model for assessing cyber security risk in information security. The model can be used to evaluate the security readiness of firms in the marketplace through qualitative and quantitative tools. We propose a Bayesian network methodology that can be used to generate a cyber security risk score that takes as input a firm's security profile and data breach statistics. The quantitative model enables cyber risk to be captured in a precise and comparable fashion. The objective of the scoring model is to create a common reference in the marketplace that could enhance incentives for firms to invest and improve their security systems. This paper concludes with a demonstration of scoring an intrusion detection network.
Keywords
Internet; belief networks; information systems; probability; risk management; security of data; Bayesian network; Internet; cyber security risk; data breach statistics; firm security profile; information security; information system; intrusion detection network; probability; quantitative assessment; Banking; Bayesian methods; Business; Computer security; Data security; Information security; Internet; Protection; Systems engineering and theory; Terrorism;
fLanguage
English
Publisher
ieee
Conference_Titel
Systems and Information Engineering Design Symposium, 2009. SIEDS '09.
Conference_Location
Charlottesville, VA
Print_ISBN
978-1-4244-4531-8
Electronic_ISBN
978-1-4244-4532-5
Type
conf
DOI
10.1109/SIEDS.2009.5166177
Filename
5166177