Quantitative Assessment of Cyber Security Risk using Bayesian Network-based model

Cited by: 8
Authors
Mo, Sheung Yin Kevin [1]
Beling, Peter A. [1]
Crowther, Kenneth G. [1]
Affiliation
[1] Univ Virginia, Charlottesville, VA 22903 USA
Source
2009 IEEE SYSTEMS AND INFORMATION ENGINEERING DESIGN SYMPOSIUM (SIEDS) | 2009
Keywords
DOI
10.1109/SIEDS.2009.5166177
Chinese Library Classification number
TP39 [Computer applications];
Discipline classification code
081203 ; 0835 ;
Abstract
This paper proposes a quantitative model for assessing cyber security risk in information security. The model can be used to evaluate the security readiness of firms in the marketplace through qualitative and quantitative tools. We propose a Bayesian network methodology that can be used to generate a cyber security risk score that takes as input a firm's security profile and data breach statistics. The quantitative model enables cyber risk to be captured in a precise and comparable fashion. The objective of the scoring model is to create a common reference in the marketplace that could enhance incentives for firms to invest and improve their security systems. This paper concludes with a demonstration of scoring an intrusion detection network.
Pages: 183-187
Number of pages: 5