
1 12/5/2003 Sergio Caltagirone, University of Idaho
An Active Defense Decision Model
Sergio Caltagirone
Major Professor: Deborah Frincke, PhD
University of Idaho
scaltagi@acm.org

2 Purpose of Research
Provide a generalizable, extendable model for any organization
– Completely model the risk of the threat and AD actions
– Find best active defense solution for the threat (allow for automation)
– Provide legal (and ethical) due diligence
Why?
– Current tools are inefficient and sometimes critically ineffective
– Model is technologically independent
– *** Fear ***

3 Stages of An Active Defense
1. *Planning
   – Active Defense Policy
   – Escalation Ladder
2. Detection: From security tools
3. Evaluation: Place within policy
4. Decision: Which action?
5. Action: Get ‘em
6. Analysis: Did action work?
7. Escalation: Move to next action
8. Maintenance: Keep policy updated
Reporting

4 The Model
Diagram labels, in the order they appear: AD Policy; Escalation Ladder; Asset Evaluation; Action Evaluation; Asset Identification; Threat Identification; Risk Identification; Goal Identification; Action Identification; Action Classification; Risk Identification; Utility Modifier; Success Ordering; Graph; Shortest Path; Contingency Plan

5 Example Scoring Chart
Financial
 10   Loss of $1 billion
  9   Loss of $500 million
  8   Loss of $100 million
  …
  0   No Loss
      Gain of $10,000
  …
-10   Gain of $1 billion

6 Example Asset Evaluation
Asset (A1): Student Records Database
Confidentiality Threats
Threat (TC-1): Outsider gains access and copies sensitive data
FINAL SCORE:

Legal Risks                                             Score   Probability   Score * Prob
  L1:
National Security Risks
  NS1: Students’ social security numbers are released
Financial Risks
  F1: Loss of tuition                                   5       .8            4
  F2: Loss of financial donations                       7       .4            2.8
Ethical Consequences
  EC1:

7 Example Action Evaluation
Threat: TA-1
Goal: Stop the ongoing DoS attack while preserving access to the database behind the campus firewall
Stage 1 Actions
Act1:     Risk Score:     Success Order:
Legal                Score   Prob   S * P
National Security
Financial
E. Consequences
E. Actions
Stage 2 Actions

8 Example Escalation Ladder Graph
Vertices (label/cost): U/0, Act1/7, Act2/-1, Act3/2, Act4/2, Act5/3, Act6/1, V/0
Stages: Stage 0, Stage 1, Stage 2, …, Stage n
Vertex Cost = Risk(Action) – Risk(Threat) – Success(Action)
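
An added example, not part of the original slides: a minimum-cost path through a staged escalation ladder, using the vertex costs shown on slide 8. Which stage each action sits in, the edges between actions, and the `blocked` parameter (used to derive a fallback path) are assumptions made for illustration.

```python
def vertex_cost(risk_action, risk_threat, success_action):
    """Slide 8 formula: Risk(Action) - Risk(Threat) - Success(Action)."""
    return risk_action - risk_threat - success_action

# Vertex costs exactly as labelled on slide 8.
COST = {"U": 0, "Act1": 7, "Act2": -1, "Act3": 2,
        "Act4": 2, "Act5": 3, "Act6": 1, "V": 0}

# Assumed layout: U is the start vertex, V the end vertex.
STAGES = [["U"], ["Act1", "Act2", "Act3"], ["Act4", "Act5", "Act6"], ["V"]]

# Assumed edges: which action may follow which (constructed sample data).
EDGES = {
    "U": ["Act1", "Act2", "Act3"],
    "Act1": ["Act4", "Act6"],
    "Act2": ["Act5"],
    "Act3": ["Act4", "Act6"],
    "Act4": ["V"], "Act5": ["V"], "Act6": ["V"],
}

def cheapest_ladder(stages, edges, cost, blocked=()):
    """Relax vertices in stage order. Stage order is a topological order,
    so negative vertex costs (Act2 is -1) are handled correctly, which
    plain Dijkstra does not guarantee. `blocked` (hypothetical) lists
    actions to skip, e.g. ones already tried, to get a fallback path."""
    start = stages[0][0]
    best = {start: (cost[start], [start])}
    for stage in stages:
        for u in stage:
            if u not in best or u in blocked:
                continue
            total, path = best[u]
            for v in edges.get(u, []):
                if v in blocked:
                    continue
                cand = total + cost[v]
                if v not in best or cand < best[v][0]:
                    best[v] = (cand, path + [v])
    end = stages[-1][0]
    return best.get(end)  # None when no path reaches the end vertex

if __name__ == "__main__":
    print(cheapest_ladder(STAGES, EDGES, COST))
    print(cheapest_ladder(STAGES, EDGES, COST, blocked={"Act2"}))
```

With these assumed edges, the cheapest first-stage action (Act2) forces the most expensive second-stage action (Act5), so the result depends on the whole path rather than on per-stage minima.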

9 Final Thoughts
Current Work:
– Complete this paper (currently in draft form)
  Where does the algorithm stop other than at threat mitigation? (total risk)
  Examples need work
  Final Analysis
Future Work:
– Implement in an IDS or automated fashion
– Usability studies on potential model interfaces
Questions?

