Information Security Risk Assessment under Uncertainty Using Dynamic Bayesian Networks
نویسنده
چکیده
The risk management process is the key task of every decision maker in an organization. This risk management process should be carried out periodically to review the security of the information assets in the organization. So if this process is to be efficient, the organization should first prioritize the information assets and should employ risk management procedure to avoid potential loss. But the uncertainty in the risk events and the additional tedious task of decision making under risk makes the risk management process inefficient. In this paper, a novel approach is presented; where Dynamic Bayesian Network models are constructed to identify multi stage attacks. The Dynamic Bayesian Network models help to detect the uncertain relationship associated with the risk event. The next task is inferring, where evidence is updated dynamically for the multiple time slices. Finally, a diagrammatic representation of the attack scenario and the constructed Dynamic Bayesian Network is shown to explain the effectiveness of the model in identifying multi stage attacks.
منابع مشابه
Bayesian Attack Graphs for Security Risk Assessment
Attack graphs offer a powerful framework for security risk assessment. They provide a compact representation of the attack paths that an attacker can follow to compromise network resources from the analysis of the network topology and vulnerabilities. The uncertainty about the attacker’s behaviour makes Bayesian networks suitable to model attack graphs to perform static and dynamic security ris...
متن کاملRisk Analysis of Operating Room Using the Fuzzy Bayesian Network Model
To enhance Patient’s safety, we need effective methods for risk management. This work aims to propose an integrated approach to risk management for a hospital system. To improve patient’s safety, we should develop flexible methods where different aspects of risk and type of information are taken into consideration. This paper proposes a fuzzy Bayesian network to model and analyze risk in the op...
متن کاملارزیابی پویا ریسک در سیستمهای فرآیندی شیمیایی با شبکه بیزین
Background and aims: Process systems due to processed under severe operational conditions and deal with large amounts of flammable and explosive materials have always led to many catastrophic accidents. Risk assessment is a useful tool for designing effective strategies for preventing and controlling these accidents. Conventional risk assessment methods have major deficiencies, including uncert...
متن کاملDynamic Bayesian Information Measures
This paper introduces measures of information for Bayesian analysis when the support of data distribution is truncated progressively. The focus is on the lifetime distributions where the support is truncated at the current age t>=0. Notions of uncertainty and information are presented and operationalized by Shannon entropy, Kullback-Leibler information, and mutual information. Dynamic updatings...
متن کاملDeveloping an Integrated Simulation Model of Bayesian-networks to Estimate the Completion Cost of a Project under Risk: Case Study on Phase 13 of South Pars Gas Field Development Projects
Objective: The aim of this paper is to propose a new approach to assess the aggregated impact of risks on the completion cost of a construction project. Such an aggregated impact includes the main impacts of risks as well as the impacts of interactions caused by dependencies among them. Methods: In this study, Monte Carlo simulation and Bayesian Networks methods are combined to present a frame...
متن کامل