Security Attribute Evaluation Method: A Cost Benefit Analysis Shawn A. Butler Computer Science Department Carnegie Mellon University 9 November 2001.

Presentation transcript:

Security Attribute Evaluation Method: A Cost Benefit Analysis Shawn A. Butler Computer Science Department Carnegie Mellon University 9 November 2001

S: Hey Boss, we need more security. I think we should get the new Acme 2000 Hacker Abolisher.
M: We always seem to need more security! Don’t we have enough?

S: Trust me, we will be more secure!
M: What are my alternatives? What is it going to cost? What is the added value?

Value? Alternatives? S

Problem
Security managers lack structured cost-benefit methods to evaluate and compare alternative security solutions.

Security Architecture Development Process Risk Assessment Outcomes Threats Prioritized Risks Select Countermeasures System Design Policies Requirements Available Countermeasures Security Components Develop Security Architecture

The Multi Attribute Risk Assessment
1. Determine threats and outcomes
2. Assess outcome attribute values
3. Assess weights
4. Compute threat indices
5. Sensitivity analysis
(Diagram labels: Risk Assessment, Outcomes, Threats, Prioritized Risks)

Determine Threats and Outcomes
Threats (29 threats): Scanning, Procedural Violation, Browsing, Distributed Denial of Service, Password Nabbing, Personal Abuse, Signal Interception, ...
Outcome Attributes: Lost Productivity, Lost Revenue, Regulatory Penalties, Reputation, Lives Lost, Lawsuits, ...
O_i = (Lost Prod, Lost Rev, Reg Penalties, Reputation)

Assess Outcome Attribute Values

Attack / Outcome                              Lost Productivity (hrs)   Lost Revenue ($$)   Regulatory Penalties (scale 0-6)   Reputation (scale 0-6)
Scanning, 10,220/yr (3-4/hr)
  Low                                         .3                        0                   0                                  1
  Expected                                    .5                        2                   0                                  1
  High                                        1                         1,000               0                                  4
Procedural Violation, 4,380/yr (1-2/hr)
  Low                                         0                         0                   0                                  0
  Expected                                    2                         2                   0                                  1
  High                                        40                        12,000              3                                  4

Prioritize and Assess Weights (Swing Weight Method) Best Worst Lost Prod Lost Rev Reg Penal Reputation 240 hrs $12, hrs $0 0 Rank Weight (w i ) Order

Compute Threat Indices
Hours + $$ + Reputation + Regulatory Penalties = ? Nonsense!
So determine value functions V_j(x_j) (plotted on a 0 to 1 axis):
P: Lost Productivity
R: Reputation
G: Regulatory Penalties
L: Lost Revenue
L(x_1) + P(x_2) + R(x_3) + G(x_4) = TI

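Computing the Threat Index
Expected threat:
\[ p_{\text{expected}} \times \Big( \sum_{j \in \text{attributes}} W_j \times V_j(x_j^{\text{expected}}) \Big) \]
Threat index:
\[ TI_a = Freq_a \times \Big[\, p_{\text{low}} \times \Big( \sum_{j \in \text{attributes}} W_j \times V_j(x_j^{\text{low}}) \Big) + p_{\text{expected}} \times \Big( \sum_{j \in \text{attributes}} W_j \times V_j(x_j^{\text{expected}}) \Big) + p_{\text{high}} \times \Big( \sum_{j \in \text{attributes}} W_j \times V_j(x_j^{\text{high}}) \Big) \Big] \]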
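The threat index formula above, worked through in Python as an added example (not part of the original presentation). The weights, scenario probabilities, linear value functions and worst-case bounds are assumptions, and the outcome values are constructed sample inputs modelled on the slides' Scanning and Procedural Violation rows; it also computes the frequency at which the ranking would flip, which is the question the sensitivity analysis asks.

```python
# Added example: TI_a = Freq_a * sum_s p_s * sum_j W_j * V_j(x_j^s)
# Attribute order: lost productivity (hrs), lost revenue ($), regulatory
# penalties (0-6), reputation (0-6).
WORST = (240.0, 12000.0, 6.0, 6.0)   # assumed worst case per attribute
WEIGHTS = (0.2, 0.3, 0.1, 0.4)       # assumed swing weights W_j, sum to 1
P = {"low": 0.25, "expected": 0.5, "high": 0.25}  # assumed scenario probabilities

# Constructed sample data: (attacks per year, outcome vector per scenario).
THREATS = {
    "Scanning": (10220, {"low": (0.3, 0, 0, 1),
                         "expected": (0.5, 2, 0, 1),
                         "high": (1, 1000, 0, 4)}),
    "Procedural Violation": (4380, {"low": (0, 0, 0, 0),
                                    "expected": (2, 2, 0, 1),
                                    "high": (40, 12000, 3, 4)}),
}

def value(j, x):
    """Assumed linear value function V_j: 0 = no loss, 1 = worst case."""
    return min(max(x / WORST[j], 0.0), 1.0)

def outcome_value(xs):
    """sum_j W_j * V_j(x_j) for one outcome vector (unitless, 0..1)."""
    return sum(w * value(j, x) for j, (w, x) in enumerate(zip(WEIGHTS, xs)))

def threat_index(freq, outcomes):
    """Frequency times the probability-weighted value of the three scenarios."""
    return freq * sum(P[s] * outcome_value(xs) for s, xs in outcomes.items())

def ranking(threats=THREATS):
    """Threats sorted by descending threat index."""
    tis = {name: threat_index(f, o) for name, (f, o) in threats.items()}
    return sorted(tis.items(), key=lambda kv: kv[1], reverse=True)

def breakeven_frequency(top, other, threats=THREATS):
    """Frequency of `top` at which its index equals `other`'s index."""
    per_attack = threat_index(1, threats[top][1])
    return threat_index(*threats[other]) / per_attack

if __name__ == "__main__":
    for name, ti in ranking():
        print(f"{name:22s} TI = {ti:8.2f}")
    be = breakeven_frequency("Scanning", "Procedural Violation")
    print(f"Ranking flips if Scanning frequency is below {be:.0f}/yr")
```

With these assumed inputs the Scanning frequency estimate could be roughly 30% too high before the two threats swap places, so the ranking is not sensitive to small errors in that estimate.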

Scanning in More Detail
Outcome attributes: Lost Productivity (hrs), Lost Revenue ($$), Regulatory Penalties (scale 0-6), Reputation (scale 0-6)
Scanning, 10,220/yr: Low .3 0 0 1; Expected .5 2 0 1; High 11,
= \( p_{\text{low}} \times ( \sum_{j \in \text{attributes}} W_j \times V_j(x_j^{\text{low}}) ) \)
.07 = \( p_{\text{expected}} \times ( \sum_{j \in \text{attributes}} W_j \times V_j(x_j^{\text{expected}}) ) \)
.00 = \( p_{\text{high}} \times ( \sum_{j \in \text{attributes}} W_j \times V_j(x_j^{\text{high}}) ) \)
10,220 × ( )

Risk Assessment Results Threat FrequencyLowExpectedHighTotal Scanning 10, Procedural Violation Browsing Dist Denial of Service Password Nabbing Personal Abuse TOTAL 1,507.18

But what about the numbers?

Risk Assessment Sensitivity Analysis Attack Frequencies Outcome Attribute Values Attribute Weights

Probability Distributions Scanning Frequency Dist Scanning Reputation Dist

Change in TI Rankings ?

Cryptographic Compromise Distribution

Regression Sensitivity.078 Lost Productivity/K30.19 Reputation/w j Reputation Outcome

Sensitivity Analysis
How sensitive are the answers to estimation errors?
Does it matter if the estimates are not accurate?
How accurate do they have to be before the decision changes?
When is it important to gather additional information?

Selecting Countermeasures Risk Assessment Outcomes Threats Prioritized Risks Select Countermeasures System Design Policies Requirements Available Countermeasures Security Components Develop Security Architecture

Security Attribute Evaluation Method (SAEM)
What is SAEM?
A structured cost-benefit analysis technique for evaluating and selecting alternative security designs
Why SAEM?
Security managers make explicit their assumptions
Decision rationale is captured
Sensitivity analysis shows how assumptions affect design decisions
Design decisions are re-evaluated consistently when assumptions change
Stakeholders see whether their investment is consistent with risk expectations

SAEM Process
Evaluation Method
1. Assess security technology benefits
2. Evaluate security technology benefits
3. Assess coverage
4. Analyze costs
(Diagram labels: Select Countermeasures, System Design, Policies, Requirements, Available Countermeasures, Security Components, Prioritized Risks)

Assess Security Technology Benefits
Effectiveness Percentages (Threat by Security Tech)
Security Tech: PF Firewall, Prxy Firewall, Net IDS, Auditing, Host IDS, Vuln Assess, Hardened OS, Auth Policy Serv, Virtual Priv Net, Net Monitors
Scanning: 50%, 75%, 66%, 33%, 50%
Procedural Violation: 50%, 40%, 25%
Browsing: 30%
Dist Denial of Service: 75%
Password Nabbing: 50%
Personal Abuse: 40%

Evaluate Security Technology Benefits
(Threat by Security Tech)
Security Tech: PF Firewall, Prxy Firewall, Net IDS, Auditing, Host IDS, Vuln Assess, Hardened OS, Auth Policy Serv, Virtual Priv Net, Net Monitors
Scanning (886)
Procedural Violation (367)
Browsing (226): 158
Dist Denial of Service (26.12): 6.6
Password Nabbing (.62): .31
Personal Abuse (.13): .08

Prioritized Technologies Technology  Value Threat Index Overall Rank PKI/Cert.2428 Auditing Auth Policy Server Host-IDS 5892 Net-IDS Smart Cards One Time Psswrd 3407 Single Sign-on 035

Assess Coverage

Host Intrusion Detection Coverage

Auditing Coverage

Analyze Costs
[Plot: Threat Index against Purchase Cost, cost axis from $0 to $20,000; points labelled Host IDS, Single Sign-on, Smart Cards, Net IDS, Auditing, PKI Cert, Auth Policy Server]

SAEM Sensitivity Analysis The vulnerability Assessment tool is 66% effective. What does that really mean?

Security Technology Effects on the Risk Assessment
Benefit Estimates:
- Reduce Frequency
- Change Outcomes
[Figure: Vulnerability Assess Scanner Benefit Distribution]

Top 25 Countermeasure Rankings Reduced Frequency

Countermeasure Rank Overlaps

Outcome Changes Procedural Violations Reputation Before After

Preliminary Results
Risk Assessment threat indices reflect security manager’s concerns
– based on interviews and feedback
Security managers are able to estimate technology benefits
– based on experience, organizational skill levels, and threat expectations
Sensitivity Analysis is key to method
– based on uncertainty of assumptions