1 / 17

Multi-Attribute Risk Assessment

Multi-Attribute Risk Assessment. Shawn A. Butler Computer Science Department Carnegie Mellon University 16 October 2002. Advantages of Multi-Attribute Risk Assessments. Provides a systematic and repeatable method for evaluating risks

Antony
Download Presentation

Multi-Attribute Risk Assessment

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Multi-Attribute Risk Assessment Shawn A. Butler Computer Science Department Carnegie Mellon University 16 October 2002

  2. Advantages of Multi-Attribute Risk Assessments • Provides a systematic and repeatable method for evaluating risks • Helps organizations identify and prioritize security requirements • Makes explicit expectations about attack consequences • Provides insights into the affect of uncertainty

  3. Some Terminology • Threats - events, which could lead to an information system compromise. (Examples: denial of service attacks, procedural violations, IP spoofing, etc.) • Attacks -An attack (a) is an instance of a threat that results in an information system compromise. that has an outcome (Oa) • Outcome - one or more consequences (Xj). • Consequence – Damage (xj)from a successful attack (Examples: lost productivity, lost revenue, damaged public image, lost lives)

  4. (Threat) Denial of Service (Outcomes) X1 X2 X3 Lost Productivity Lost Revenue Damaged Public Image Attacks(Consequence Values (x 1, x2, x 3) a13 hours $0 none a2 40 hours $20,000 moderate a3 10 hours $500 slight Outcome

  5. Threats Prioritized Risks Risk Assessment Outcomes Security Architecture Security Architecture Development Process Security Architecture Development Process System Design Available Countermeasures Security Components Select Countermeasures Develop Security Architecture Requirements Policies

  6. Sensitivity Analysis Threat Definition Compute Threat Indexes Estimate Outcome Values Multi-attribute Risk Assessment Process Expected Frequency of Attack Outcomes S.M. Best Est. Risks Prioritized Org Threats Threats Most Likely Outcomes Additive Model Security Manager Questions

  7. The Additive Model TIa = Freqa * (j=attributeswj * vj(xaj )) • Check additivity assumptions to see if the additive form is valid • Assess the single-attribute value functions v1, v2, …, vn • Assess the weighting factors w1, w2, …, wn • Compute the value of each alternative and rank alternatives • Conduct sensitivity analysis to see how sensitive the ranking is to model assumptions

  8. Independence Assumptions Tradeoffs between two consequence values — holding all other consequence values fixed — do not depend on where we hold the other attributes fixed

  9. Assess Single Consequence Value Function vj(xaj ) 1 1 1 0 0 xj* 0 xj* xj* Linear Convex Concave

  10. Outcome Attribute Rank Assessed Preference Weight (wj) Lost Productivity 1 100 .42 Public Reputation 2 80 .33 Regulatory Penalties 3 40 .17 Lost Revenue 4 20 .08 Weight the Consequences wj

  11. Compute Value and Rank Alternatives

  12. Developing Requirements

  13. Threat Indexes as a Percentage of Total Threat Index

  14. Case Study Results

  15. Conclusions • Multi-attribute Risk Assessments provide insight during risk assessment process • Multi-attribute Risk Assessments can help security manager’s prioritize risks, which leads to prioritized requirements • Inexperienced security managers will be able to benefit from information collected from other organizations

More Related