An Approach to Select Cost-Effective Risk Countermeasures Exemplified in CORAS

Risk is unavoidable in business and risk management is needed amongst others to set up good security policies. Once the risks are evaluated, the next step is to decide how they should be treated. This involves managers making decisions on proper countermeasures to be implemented to mitigate the risks. The countermeasure expenditure, together with its ability to mitigate risks, is factors that affect the selection. While many approaches have been proposed to perform risk analysis, there has been less focus on delivering the prescriptive and specific information that managers require to select cost-effective countermeasures. This paper proposes a generic approach to integrate the cost assessment into risk analysis to aid such decision making. The approach makes use of a risk model which has been annotated with potential countermeasures, estimates for their cost and effect. A calculus is then employed to reason about this model in order to support decision in terms of decision diagrams. We exemplify the instantiation of the generic approach in the CORAS method for security risk analysis.Comment: 33 page

Model-Based Mitigation of Availability Risks

The assessment and mitigation of risks related to the availability of the IT infrastructure is becoming increasingly important in modern organizations. Unfortunately, present standards for Risk Assessment and Mitigation show limitations when evaluating and mitigating availability risks. This is due to the fact that they do not fully consider the dependencies between the constituents of an IT infrastructure that are paramount in large enterprises. These dependencies make the technical problem of assessing availability issues very challenging. In this paper we define a method and a tool for carrying out a Risk Mitigation activity which allows to assess the global impact of a set of risks and to choose the best set of countermeasures to cope with them. To this end, the presence of a tool is necessary due to the high complexity of the assessment problem. Our approach can be integrated in present Risk Management methodologies (e.g. COBIT) to provide a more precise Risk Mitigation activity. We substantiate the viability of this approach by showing that most of the input required by the tool is available as part of a standard business continuity plan, and/or by performing a common tool-assisted Risk Management

Current established risk assessment methodologies and tools

The technology behind information systems evolves at an exponential rate, while at the same time becoming more and more ubiquitous. This brings with it an implicit rise in the average complexity of systems as well as the number of external interactions. In order to allow a proper assessment of the security of such (sub)systems, a whole arsenal of methodologies, methods and tools have been developed in recent years. However, most security auditors commonly use a very small subset of this collection, that best suits their needs. This thesis aims at uncovering the differences and limitations of the most common Risk Assessment frameworks, the conceptual models that support them, as well as the tools that implement them. This is done in order to gain a better understanding of the applicability of each method and/or tool and suggest guidelines to picking the most suitable one

Exiting the risk assessment maze: A meta-survey

Organizations are exposed to threats that increase the risk factor of their ICT systems. The assurance of their protection is crucial, as their reliance on information technology is a continuing challenge for both security experts and chief executives. As risk assessment could be a necessary process in an organization, one of its deliverables could be utilized in addressing threats and thus facilitate the development of a security strategy. Given the large number of heterogeneous methods and risk assessment tools that exist, comparison criteria can provide better understanding of their options and characteristics and facilitate the selection of a method that best fits an organization’s needs. This paper aims to address the problem of selecting an appropriate risk assessment method to assess and manage information security risks, by proposing a set of comparison criteria, grouped into 4 categories. Based upon them, it provides a comparison of the 10 popular risk assessment methods that could be utilized by organizations to determine the method that is more suitable for their needs. Finally, a case study is presented to demonstrate the selection of a method based on the proposed criteri

Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. Currently companies achieve this by means of checklist-based security assessments, but these methods are a way to achieve consensus without being able to provide justifications of countermeasures in terms of business goals. But such justifications are needed to operate securely and effectively in networked businesses. In this paper, we first compare a Risk-Based Requirements Prioritization method (RiskREP) with some requirements engineering and risk assessment methods based on their requirements elicitation and prioritization properties. RiskREP extends misuse case-based requirements engineering methods with IT architecture-based risk assessment and countermeasure definition and prioritization. Then, we present how RiskREP prioritizes countermeasures by linking business goals to countermeasure specification. Prioritizing countermeasures based on business goals is especially important to provide the stakeholders with structured arguments for choosing a set of countermeasures to implement. We illustrate RiskREP and how it prioritizes the countermeasures it elicits by an application to an action case

Decision support for choice of security solution: the Aspect-Oriented Risk Driven Development (AORDD)framework

In security assessment and management there is no single correct solution to the identified security problems or challenges. Instead there are only choices and tradeoffs. The main reason for this is that modern information systems and security critical information systems in particular must perform at the contracted or expected security level, make effective use of available resources and meet end-users' expectations. Balancing these needs while also fulfilling development, project and financial perspectives, such as budget and TTM constraints, mean that decision makers have to evaluate alternative security solutions.\ud \ud This work describes parts of an approach that supports decision makers in choosing one or a set of security solutions among alternatives. The approach is called the Aspect-Oriented Risk Driven Development (AORDD) framework, combines Aspect-Oriented Modeling (AOM) and Risk Driven Development (RDD) techniques and consists of the seven components: (1) An iterative AORDD process. (2) Security solution aspect repository. (3) Estimation repository to store experience from estimation of security risks and security solution variables involved in security solution decisions. (4) RDD annotation rules for security risk and security solution variable estimation. (5) The AORDD security solution trade-off analysis and trade-o¤ tool BBN topology. (6) Rule set for how to transfer RDD information from the annotated UML diagrams into the trad-off tool BBN topology. (7) Trust-based information aggregation schema to aggregate disparate information in the trade-o¤ tool BBN topology. This work focuses on components 5 and 7, which are the two core components in the AORDD framework

Simulation on off grid hybrid PV-battery system

With the growing usage of renewable energy sources (RES), solar photovoltaic (PV) systems have seen a considerable increase in their use over the last three decades, moving from freestanding to utility-connected PV systems. Off-grid is a type of power distribution system that makes use of renewable energy and is powered by a hybrid PV battery system. In this project the simulation on off grid hybrid PV battery system have been discussed. The system is modelled and simulate in MATLAB Simulink where a PV array with MPPT is connected to the DC bus with a battery storage system of 720 kWh, the performance of the PV system results shows an efficient MPPT where the modules output power at solar irradiance and ambient temperature of 1000 and 1500 W/m2 and 25 C temperature maintained at 2750 W which shows the MPPT efficiency is 98%

A business-oriented framework for enhancing web services security for e-business

Security within the Web services technology field is a complex and very topical issue. When considering using this technology suite to support interacting e-businesses, literature has shown that the challenge of achieving security becomes even more elusive. This is particularly true with regard to attaining a level of security beyond just applying technologies, that is trusted, endorsed and practiced by all parties involved. Attempting to address these problems, this research proposes BOF4WSS, a Business-Oriented Framework for enhancing Web Services Security in e-business. The novelty and importance of BOF4WSS is its emphasis on a tool-supported development methodology, in which collaborating e-businesses could achieve an enhanced and more comprehensive security and trust solution for their services interactions. This investigation began with an in-depth assessment of the literature in Web services, e-business, and their security. The outstanding issues identified paved the way for the creation of BOF4WSS. With appreciation of research limitations and the added value of framework tool-support, emphasis was then shifted to the provision of a novel solution model and tool to aid companies in the use and application of BOF4WSS. This support was targeted at significantly easing the difficulties incurred by businesses in transitioning between two crucial framework phases. To evaluate BOF4WSS and its supporting model and tool, a two-step approach was adopted. First, the solution model and tool were tested for compatibility with existing security approaches which they would need to work with in real-world scenarios. Second, the framework and tool were evaluated using interviews with industry-based security professionals who are experts in this field. The results of both these evaluations indicated a noteworthy degree of evidence to affirm the suitability and strength of the framework, model and tool. Additionally, these results also act to cement this thesis' proposals as innovative and significant contributions to the research field