Multi-Attribute Risk Assessment
Shawn A. Butler, Computer Science Department, Carnegie Mellon University, 16 October 2002


Slide 2: Advantages of Multi-Attribute Risk Assessments
- Provides a systematic and repeatable method for evaluating risks
- Helps organizations identify and prioritize security requirements
- Makes explicit the expectations about attack consequences
- Provides insight into the effect of uncertainty

Slide 3: Some Terminology
- Threat: an event which could lead to an information system compromise (examples: denial of service attacks, procedural violations, IP spoofing, etc.)
- Attack: an attack (a) is an instance of a threat that results in an information system compromise and has an outcome (O_a)
- Outcome: one or more consequences (X_j)
- Consequence: the damage (x_j) from a successful attack (examples: lost productivity, lost revenue, damaged public image, lost lives)

Slide 4: Example of a threat, its attacks and their outcomes
Threat: Denial of Service
Outcome attributes: X_1 = Lost Productivity, X_2 = Lost Revenue, X_3 = Damaged Public Image

Attack | x_1 (Lost Productivity) | x_2 (Lost Revenue) | x_3 (Damaged Public Image)
a_1    | 3 hours                 | $0                 | none
a_2    | 40 hours                | $20,000            | moderate
a_3    | 10 hours                | $500               | slight

Each row gives the consequence values (x_1, x_2, x_3) that make up that attack's outcome.

Slide 5: Security Architecture Development Process (diagram)
Diagram elements: Threats, Outcomes, Risk Assessment, Prioritized Risks, Select Countermeasures, Policies, Requirements, Available Countermeasures, Security Components, Develop Security Architecture, System Design.

Slide 6: Multi-attribute Risk Assessment Process (diagram)
Stages: Threat Definition, Estimate Outcome Values, Compute Threat Indexes, Sensitivity Analysis.
Inputs and intermediate results shown between the stages: Threats, Outcomes, Org Threats, Most Likely Outcomes, Expected Frequency of Attack, Security Manager's Best Estimate (S.M. Best Est.), Security Manager Questions, Additive Model, Risks Prioritized.

Slide 7: The Additive Model
1. Check the additivity assumptions to see if the additive form is valid
2. Assess the single-attribute value functions v_1, v_2, ..., v_n
3. Assess the weighting factors w_1, w_2, ..., w_n
4. Compute the value of each alternative and rank the alternatives
5. Conduct a sensitivity analysis to see how sensitive the ranking is to the model assumptions

Threat index of attack a:
$TI_a = \mathrm{Freq}_a \cdot \sum_{j \in \text{attributes}} w_j \, v_j(x_{aj})$

Slide 8: Independence Assumptions
Tradeoffs between two consequence values, holding all other consequence values fixed, do not depend on where we hold the other attributes fixed.

Slide 9: Assess Single Consequence Value Function (figure: three plots of v_j(x_aj) labelled Linear, Concave and Convex; each vertical axis runs from 0 to 1 and each horizontal axis from 0 to the worst-case value x_j*)

Slide 10: Weight the Consequences

Outcome Attribute    | Rank | Assessed Preference | Weight (w_j)
Lost Productivity    | 1    | 10                  | 0.42
Public Reputation    | 2    | 8                   | 0.33
Regulatory Penalties | 3    | 4                   | 0.17
Lost Revenue         | 4    | 2                   | 0.08

The weights are the assessed preferences normalised so that they sum to 1 (10 + 8 + 4 + 2 = 24; 10/24 = 0.42, and so on).


Slide 12: Compute Value and Rank Alternatives
Each consequence cell shows the raw value x_aj followed, in parentheses, by its single-attribute value v_j(x_aj); the column weights are those of slide 10.

Threat               | freq/yr | Lost Revenue (w = .08) | Reputation (w = .33) | Lost Productivity (w = .42) | Reg. Penalties (w = .17) | TI
Procedural Violation | 4,380   | $2.00 (.002)           | 1 (.25)              | 2 hrs (.0083)               | 0 (0)                    | 376.69
Theft                | 24      | $182 (.015)            | 2 (.5)               | 1 hr (.0042)                | 2 (.67)                  | 6.75
Virus                | 912     | $0 (0)                 | 0 (0)                | 3 hrs (.0125)               | 0 (0)                    | 80.03
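The additive model of slide 7 and the ranking step of slide 12, worked through in code as an added example (not from the presentation). It applies the slide-10 weights to the slide-4 denial-of-service outcomes and then repeats the ranking under a changed weight, which is the sensitivity analysis the model calls for. The attack frequencies, the worst-case values x_j*, the linear value functions and the ordinal scale for public-image damage are assumptions made here.

```python
# Added example: the additive model TI_a = Freq_a * sum_j w_j * v_j(x_aj)
# on the slide-4 outcomes with the slide-10 weights, plus a weight sensitivity check.

# w_j from slide 10; Regulatory Penalties is omitted because slide 4 has no such column.
WEIGHTS = {"productivity": 0.42, "reputation": 0.33, "revenue": 0.08}

# Worst-case consequence x_j* per attribute (assumed: the largest value seen on slide 4).
WORST = {"productivity": 40.0, "reputation": 3.0, "revenue": 20000.0}

# Ordinal scale for the qualitative "damaged public image" attribute (assumed).
IMAGE = {"none": 0, "slight": 1, "moderate": 2, "severe": 3}

# Consequence values are the slide-4 rows; the per-year frequencies are constructed.
ATTACKS = {
    "a1": {"freq": 50, "x": {"productivity": 3, "revenue": 0, "reputation": IMAGE["none"]}},
    "a2": {"freq": 2, "x": {"productivity": 40, "revenue": 20000, "reputation": IMAGE["moderate"]}},
    "a3": {"freq": 12, "x": {"productivity": 10, "revenue": 500, "reputation": IMAGE["slight"]}},
}


def linear_value(x, x_star):
    """Linear single-attribute value function v_j(x) = x / x_j*, clipped to [0, 1]."""
    return max(0.0, min(1.0, x / x_star))


def threat_index(freq, x, weights=WEIGHTS):
    """TI_a = Freq_a * sum_j w_j * v_j(x_aj), as on slide 7."""
    return freq * sum(w * linear_value(x[j], WORST[j]) for j, w in weights.items())


def rank_threats(attacks, weights=WEIGHTS):
    """Attack names ordered from highest to lowest threat index."""
    return sorted(attacks, reverse=True,
                  key=lambda a: threat_index(attacks[a]["freq"], attacks[a]["x"], weights))


def reweight(weights, attr, new_w):
    """Set one weight and rescale the others so the total weight stays the same."""
    total = sum(weights.values())
    rest = sum(w for j, w in weights.items() if j != attr)
    scale = (total - new_w) / rest
    return {j: (new_w if j == attr else w * scale) for j, w in weights.items()}


def sensitivity(attacks, attr, candidates, weights=WEIGHTS):
    """Ranking produced by each candidate value of the weight of `attr`."""
    return {w: rank_threats(attacks, reweight(weights, attr, w)) for w in candidates}


if __name__ == "__main__":
    for a in rank_threats(ATTACKS):
        print(a, round(threat_index(ATTACKS[a]["freq"], ATTACKS[a]["x"]), 3))
    for w, order in sensitivity(ATTACKS, "reputation", [0.2, 0.33, 0.5]).items():
        print(f"w_reputation={w}: {order}")
```

With the constructed frequencies, raising the reputation weight from 0.33 to 0.5 swaps the second and third places, which is exactly the kind of ranking instability the sensitivity step is meant to expose.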

Slide 13: Developing Requirements

Threat          | Security Technologies
System Scanning | Host-Based IDS, Vulnerability Assessment Scanners, Penetration Testing Tools, Network-Based IDS, Network Monitoring Tools, Hardened OS
Virus           | Hardened OS, Electronic Signature, Host-Based IDS, Anti-virus software, Mobile Code Scanners

Slide 14: Threat Indexes as a Percentage of Total Threat Index (chart; no transcript text)

Slide 15: SAEM ranking versus the security manager's ranking

Order | SAEM's Top Threats      | Security Manager's
1     | Procedural Violation    | Personal Computer Abuse
2     | Virus                   | Theft
3     | Personal Computer Abuse | Virus

Threat                  | Expected Frequency | Public Image | Lost Productivity | Customer Relationships
Procedural Violation    | 360,000/yr         | None         | $100              | None
Virus                   | 26,000/yr          | Mild         | $4,000            | Moderately Mild
Personal Computer Abuse | 2,000/yr           | Mild         | $250              | None

Slide 16: Case Study Results

                                | Commercial Case                                                   | Hospital Case
Outcomes                        | Damaged Public Image, Damaged Customer Relationships, Lost Revenue | Patient Care, Damaged Public Image, Physician Perceptions
Threats                         | 27                                                                | 15
Initial Correlation Coefficient | .19                                                               | .53
Final Correlation Coefficient   | .86                                                               | .81
Refinements                     | Adjusted both inputs and initial ranking                          | Adjusted inputs
Top Threats                     | Viruses, Alterations                                              | Viruses, Compromising Emanations

Slide 17: Conclusions
- Multi-attribute risk assessments provide insight during the risk assessment process
- Multi-attribute risk assessments can help security managers prioritize risks, which leads to prioritized requirements
- Inexperienced security managers will be able to benefit from information collected from other organizations
