1 Multi-Attribute Risk Assessment Shawn A. Butler Computer Science Department Carnegie Mellon University 16 October 2002.

Slides:

Advertisements

Similar presentations

Web Security for Network and System Administrators1 Chapter 1 Introduction to Information Security.

Advertisements

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

Protection of Information Assets I. Joko Dewanto 1.

Jeanne H. Espedalen Attack Trees Describing Security in Distributed Internet-Enabled Metrology.

Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.

Peter Brudenall & Caroline Evans- Simmons & Simmons Marsh Technology Conference 2005 Zurich, Switzerland. Managing the Security Landscape – Legal and Risk.

1 An Overview of Computer Security computer security.

S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

Know the Client Own the Problem Share the Solution The 2005 Case for Information Technology Security October 14, 2004.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Quantitative.

Security Attribute Evaluation Method: A Cost Benefit Analysis Shawn A. Butler Computer Science Department Carnegie Mellon University 9 November 2001.

Network Infrastructure Security. LAN Security Local area networks facilitate the storage and retrieval of programs and data used by a group of people.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

Author: Andy Reedftp://topsurf.co.uk/reed FdSc IT/Computer Networking & IT(e-commerce) Communications Network Management An Introduction to Security.

Agenda  Introduce key concepts in information security from the practitioner’s viewpoint.  Discuss identifying and prioritizing information assets through.

1 Oppliger: Ch. 15 Risk Management. 2 Outline Introduction Formal risk analysis Alternative risk analysis approaches/technologies –Security scanning –Intrusion.

Slide 1 Using Models Introduced in ISA-d Standard: Security of Industrial Automation and Control Systems (IACS) Rahul Bhojani ISA SP99 WG4 Meeting.

Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.

Risk Assessment. InfoSec and Legal Aspects Risk assessment Laws governing InfoSec Privacy.

Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.

Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007.

© 2001 by Carnegie Mellon University SS5 -1 OCTAVE SM Process 5 Background on Vulnerability Evaluations Software Engineering Institute Carnegie Mellon.

An Analysis of 3G Phone Security Emily Maples & Evan Nakano CMPE 209.

INFORMATION SECURITY MANAGEMENT L ECTURE 7: R ISK M ANAGEMENT I DENTIFYING AND A SSESSING R ISK You got to be careful if you don’t know where you’re going,

Lesson 7-Managing Risk. Overview Defining risk. Identifying the risk to an organization. Measuring risk.

Security Policies and Procedures. cs490ns-cotter2 Objectives Define the security policy cycle Explain risk identification Design a security policy –Define.

Lesson 9-Information Security Best Practices. Overview Understanding administrative security. Security project plans. Understanding technical security.

Denial of Service (DoS) Attacks: A Nightmare for eCommerce Jearanai Muangsuwan Strayer University.

Module 6: Designing Security for Network Hosts

Lesson 2 Computer Security Incidents Taxonomy. Need an accepted taxonomy because... Provides a common frame of reference If no taxonomy, then we: Can’t.

Wireless Intrusion Prevention System

Desktop Security: Making Sure Your Office Environment is Secure.

HP World September 2002 Scott S. Blake, CISSP Vice President, Information Security BindView Corporation Vulnerability Assessment and Action.

Software Architecture Evaluation Methodologies Presented By: Anthony Register.

Introduction to Information Security

5/18/2006 Department of Technology Services Security Architecture.

Csci5233 computer security & integrity 1 An Overview of Computer Security.

Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.

Visual 1. 1 Lesson 1 Overview and and Risk Management Terminology.

Chapter 7 1Artificial Intelligent. OBJECTIVES Explain why information systems need special protection from destruction, error, and abuse Assess the business.

Advanced Anti-Virus Techniques

Security Attribute Evaluation Method: A Cost Benefit Analysis

S ystems Analysis Laboratory Helsinki University of Technology 1 Decision Analysis Raimo P. Hämäläinen Systems Analysis Laboratory Helsinki University.

COST BENEFITS OF IMPLEMENTING CREDIT CARD DATABASE TOKENIZATION USING FAIR CASE STUDY SHARED COURTESY OF RISKLENS CONFIDENTIAL - FAIR INSTITUTE

Title: Port Security Risk Assessment Tool (PSRAT) Author:Tony Regalbuto Chief, Office of International & Domestic Port Security Assessments United States.

Dr. Mark Gaynor, Dr. Feliciano Yu, Bryan Duepner.

SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #

ON “SOFTWARE ENGINEERING” SUBJECT TOPIC “RISK ANALYSIS AND MANAGEMENT” MASTER OF COMPUTER APPLICATION (5th Semester) Presented by: ANOOP GANGWAR SRMSCET,

Tuesday March 15, 2016 Session 19-D Technology Forum David Finkelstein, CIO RiverSpring Health.

Chapter 13 Network Security Auditing Antivirus Firewalls Authentication Authorization Encryption.

S7-1 © 2001 Carnegie Mellon University OCTAVE SM Process 7 Conduct Risk Analysis Software Engineering Institute Carnegie Mellon University Pittsburgh,

Vulnerability Assessment Sequoia Voting Systems October 10, 2006.

Headquarters U.S. Air Force

Securing Information Systems

Information Systems Security

CompTIA Security+ Study Guide (SY0-401)

ISSeG Integrated Site Security for Grids WP2 - Methodology

Threats and Survivability Architectures

Compliance with hardening standards

Securing Information Systems

CompTIA Security+ Study Guide (SY0-501)

IS4680 Security Auditing for Compliance

Effective Risk Management in Decision Making Process

Presentation transcript:

1 Multi-Attribute Risk Assessment Shawn A. Butler Computer Science Department Carnegie Mellon University 16 October 2002

2 Advantages of Multi-Attribute Risk Assessments Provides a systematic and repeatable method for evaluating risks Helps organizations identify and prioritize security requirements Makes explicit expectations about attack consequences Provides insights into the affect of uncertainty

3 Some Terminology Threats - events, which could lead to an information system compromise. (Examples: denial of service attacks, procedural violations, IP spoofing, etc.) Attacks -An attack (a) is an instance of a threat that results in an information system compromise. that has an outcome (O a ) Outcome - one or more consequences (X j ). Consequence – Damage (x j )from a successful attack (Examples: lost productivity, lost revenue, damaged public image, lost lives)

4 (Threat) Denial of Service (Outcomes) X 1 X 2 X 3 Lost Productivity Lost Revenue Damaged Public Image a 1 3 hours $0none a 2 40 hours$20,000moderate a 3 10 hours $500slight Attacks(Consequence Values (x 1, x 2, x 3 ) Outcome

5 Security Architecture Development Process Risk Assessment Outcomes Threats Prioritized Risks Select Countermeasures System Design Policies Requirements Available Countermeasures Security Components Develop Security Architecture Security Architecture Development Process

6 Multi-attribute Risk Assessment Process Threat Definition Threat Definition Threats Outcomes Org Threats Most Likely Outcomes Expected Frequency of Attack S.M. Best Est. Security Manager Questions Additive Model Risks Prioritized Sensitivity Analysis Sensitivity Analysis Compute Threat Indexes Compute Threat Indexes Estimate Outcome Values Estimate Outcome Values

7 The Additive Model Check additivity assumptions to see if the additive form is valid Assess the single-attribute value functions v 1, v 2, …, v n Assess the weighting factors w 1, w 2, …, w n Compute the value of each alternative and rank alternatives Conduct sensitivity analysis to see how sensitive the ranking is to model assumptions TI a = Freq a * (  j=attributes w j * v j (x aj ))

8 Independence Assumptions Tradeoffs between two consequence values — holding all other consequence values fixed — do not depend on where we hold the other attributes fixed

9 Assess Single Consequence Value Function LinearConcaveConvex v j (x aj ) xj*xj* xj*xj* xj*xj*

10 Weight the Consequences wjwj Outcome Attribute Rank Assessed Preference Weight (w j ) Lost Productivity Public Reputation Regulatory Penalties Lost Revenue

11

12 Compute Value and Rank Alternatives Outcome Consequences Lost Revenue Reputation Lost Productivity Reg. Penalt. TI Threatsfreq/yr w =.08w =.33w =.42w =.17 Procedural Violation 4,380$ hrs Theft 24$ hrs Virus 912$00003hrs

13 Developing Requirements System Scanning Host-Based IDS Vulnerability Assessment Scanners Penetration Testing Tools Network Based IDS Network Monitoring Tools Hardened OS Virus Hardened OS Electronic Signature Host-Based IDS Anti-virus software Mobile Code Scanners ThreatSecurity Technologies

14 Threat Indexes as a Percentage of Total Threat Index

15 OrderSAEM’s Top ThreatsSecurity Manager’s 1Procedural ViolationPersonal Computer Abuse 2VirusTheft 3Personal Computer AbuseVirus Threats Expected Frequency Public Image Lost Productivity Customer Relationships Procedural Violation 360,000/yrNone$100None Virus26,000/yrMild$4,000 Moderately Mild Personal Computer Abuse 2,000/yrMild$250None

16 Case Study Results Commercial-CaseHospital-Case Outcomes Damaged Public Image Patient Care Damaged Customer Relationships Damaged Public Image Lost Revenue Physician Perceptions Threats2715 Initial Correlation Coefficient Final Correlation Coefficient Refinements Adjusted both inputs and initial ranking Adjusted inputs Top Threats Viruses Alterations Viruses Compromising Emanations

17 Conclusions Multi-attribute Risk Assessments provide insight during risk assessment process Multi-attribute Risk Assessments can help security manager’s prioritize risks, which leads to prioritized requirements Inexperienced security managers will be able to benefit from information collected from other organizations