29 research outputs found

    Tool supported risk modeling and analysis of evolving critical infrastructures

    Part 2: Workshop; International audience; Risk management is coordinated activities to direct and control an organization with regard to risk, and includes the identification, analysis and mitigation of unacceptable risks. For critical infrastructures consisting of interdependent systems, risk analysis and mitigation is challenging because the overall risk picture can be strongly affected by changes in only a few of the systems. In order to continuously manage risks and maintain an adequate level of protection, there is a need to continuously maintain the validity of risk models while systems change and evolve. This paper presents a risk analysis tool that supports the modeling and analysis of changing and evolving risks. The tool supports the traceability of system changes to risk models, as well as the explicit modeling of the impact on the risk picture. The tool, as well as the underlying risk analysis method, is exemplified and validated in the domain of air traffic management. Document type: Part of book or chapter of boo

    When to Treat Security Risks with Cyber Insurance

    Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for affordable and practical ways of performing risk quantification when determining risk treatment options. To address this concern, we propose a lightweight, data-driven approach for organisations to evaluate their own need for cyber insurance. A generic risk model, populated with available industry averages, is used as a starting point. Individual organisations can instantiate this model to obtain a risk profile for themselves related to relevant cyber threats. The risk profile is then used together with a cyber insurance profile to estimate the benefit and as a basis for comparing offers from different insurance providers. publishedVersio

    When to Treat Security Risks with Cyber Insurance

    Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for affordable and practical ways of performing risk quantification when determining risk treatment options. To address this concern, we propose a lightweight, data-driven approach for organisations to evaluate their own need for cyber insurance. A generic risk model, populated with available industry averages, is used as a starting point. Individual organisations can instantiate this model to obtain a risk profile for themselves related to relevant cyber threats. The risk profile is then used together with a cyber insurance profile to estimate the benefit and as a basis for comparing offers from different insurance providers. acceptedVersio

    MEADOW- A Dataflow Language for Modelling Large and Dynamic Networks

    We address three main problems regarding the use of the traditional dataflow language (TDL) for modelling large and dynamic networks:
    • The problem of scalability. The concepts and notations of TDL do not scale well. Thus TDL specifications may get large (space consuming) and chaotic.
    • The problem of generality. TDL does not have the expressibility for specifying networks consisting of n (a general number) components. We distinguish between five different network topologies consisting of n components that cannot be specified in TDL. For point-to-point networks these are the star, ring and tree topologies, for multipoint networks the ring and the bus topologies.
    • The problem of expressing dynamic reconfiguration. TDL is not well suited for the specification of dynamic networks. We distinguish between three kinds of dynamic networks: object-oriented networks, ad hoc networks, and mobile code networks.
    Based on an examination of three state-of-the-art modelling languages (FOCUS, SDL-2000 and UML 2.0), we propose a language, MEADOW (Mod-Elling lAnguage for DataflOW) that essentially is an extension of TDL. Our hypothesis is that MEADOW successfully solves the problems mentioned above, and we argue by small examples and case studies.
    Foreword: This thesis is submitted for the fulfilment of the Cand. Scient. degree in Informatics at the Department of Informatics, University of Oslo (UIO). The work on this thesis has been carried out at SINTEF Telecom and Informatics under supervision of Ketil Stølen. I would like to thank Frode, Bjørn Håvard, Marit, Ole Andre, Ole Morten and Øystein for being good friends and for doing some spell-checking. Most of all I would like to thank my adviser, Ketil Stølen for being a source of inspiration and for his skillful guidance and help throughout the whole process

    An Evaluation of a Test-driven Security Risk Analysis Method Based on an Industrial Case Study

    This report is an evaluation describing the experiences obtained from a case study, carried out in a period of eight months from June 2012 to January 2013, in which we conducted a test-driven security risk analysis. Test-driven security risk analysis is a method for carrying out security risk analysis in which security testing is used to support the security risk analysis. The method consists of three main phases. In Phase 1, a security risk analysis is carried out. In Phase 2, security testing is carried out with respect to the security risk analysis. In the 3rd and final phase, the results obtained from the security risk analysis are validated and updated with respect to the test results. Our objective with the case study was to assess how useful testing is for gaining confidence in the correctness of the risk models produced in the risk analysis. To make the evaluation precise, we analysed the difference between the risk model produced before testing and the updated risk model after testing. The results obtained from the case study show that testing contributes to gaining higher confidence in the correctness of the risk models. Client: Norwegian Research Counci

    Information Flow Property Preserving Transformation of UML Interaction Diagrams

    STF90 A06030. We present an approach for secure information flow property preserving refinement and transformation of UML inspired interaction diagrams. The approach is formally underpinned by trace-semantics. The semantics is sufficiently expressive to distinguish underspecification from explicit nondeterminism. A running example is used to introduce the approach and to demonstrate that it is of practical value. Client: SINTE

    Model-driven risk analysis of evolving critical infrastructures

    The protection and security of critical infrastructures are important parts of Homeland Defense. Adequate means for analyzing the security risks of such infrastructures is a prerequisite for properly understanding the security needs and for maintaining appropriate incident preparedness. Risk management is coordinated activities to direct and control an organization with regard to risk, and includes the identification, analysis and mitigation of unacceptable risks. For critical infrastructures consisting of interdependent systems, risk analysis and mitigation is challenging because the overall risk picture may be strongly affected by changes in only a few of the systems. In order to continuously manage risks and maintain an adequate level of protection, there is a need to continuously maintain the validity of risk models while systems change and evolve. This paper addresses these challenges by presenting an approach to model-driven security risk analysis of changing and evolving systems. The approach is a tool-supported method with techniques and modeling support for traceability of system changes to risk models, as well as the explicit modeling of the impact of changes on the current risk picture. The presented artifacts are exemplified and validated in the domain of air traffic management

    A Method for Developing Algorithms for Assessing Cyber-Risk Cost

    We present a method for developing executable algorithms for quantitative cyber-risk assessment. Exploiting techniques from security risk modeling and actuarial approaches, the method pragmatically combines use of available empirical data and expert judgments. The inputs to the algorithms are indicators providing information about the target of analysis, such as suspicious events observed in the network. Automated execution of the algorithms facilitates continuous assessment. submittedVersio

    Tool-Supported Risk Modeling and Analysis of Evolving Critical Infrastructures

    Part 2: Workshop; International audience; Risk management is coordinated activities to direct and control an organization with regard to risk, and includes the identification, analysis and mitigation of unacceptable risks. For critical infrastructures consisting of interdependent systems, risk analysis and mitigation is challenging because the overall risk picture can be strongly affected by changes in only a few of the systems. In order to continuously manage risks and maintain an adequate level of protection, there is a need to continuously maintain the validity of risk models while systems change and evolve. This paper presents a risk analysis tool that supports the modeling and analysis of changing and evolving risks. The tool supports the traceability of system changes to risk models, as well as the explicit modeling of the impact on the risk picture. The tool, as well as the underlying risk analysis method, is exemplified and validated in the domain of air traffic management