340 likes | 703 Views
“Electronic Commerce - Risk Management". Peter Croll. Large projects expensive failures Small companies loss of business Safety-critical loss of life Safety-related large equipment loss, environmental damage, human injury. Why is risk analysis important?. Risk Identification.
E N D
“Electronic Commerce - Risk Management" Peter Croll
Large projects expensive failures Small companies loss of business Safety-critical loss of life Safety-related large equipment loss, environmental damage, human injury Why is risk analysis important?
Risk Identification • Technology risks • People risks • Organisational risks • Tools risks • Requirements risks • Estimation risks
Avoidance strategies- reducing the probability of the risk occurring Minimisation strategies- reducing the impact Contingency plans- having an alternative strategy Risk Planning
Risk Analysis is core for Software Engineering Boehm’s spiral model (simplified)
Building a dependable distributed systems is difficult Enterprises have to weigh up the risks of competing forces Why analyse risk? time to market goodprocess
Delphi Threat Scenarios ALARP some methods for assessing risk exposure
Delphi Threat Scenarios ALARP some methods for assessing risk exposure • Delphi Method • Team of expert write down perceived threats • Threats are unified (approx. 50-100) • Questionnaire drawn up - each threat rated by: - likelihood - importance - cost (time/money) • Team undertakes a number of revisions until listed in order of importance by: - threat - probability of occurrence - estimation of losses • Response drawn from final list
Delphi Threat Scenarios ALARP some methods for assessing risk exposure • Threat Scenarios • Brainstorm on how to cope with failures • Participants asked the effect of:- the required systems were not functioning for a period- the required systems were destroyed- information was read by an unauthorised reader- information was modified with evidence …… • Plus questions like:- how can the system be harmed?- what are the potential consequences?- who or what is the enemy?- what are the targets?……
Delphi Threat Scenarios ALARP some methods for assessing risk exposure
Cost less than company turnover / 10? Cost less than the predicted insurance payout? Probability of loss of life > 10-3 p.a.? Road deaths in NSW 1.3 x 10 –4 Commercial Aircraft probability per flight = 3 x 10 –6 Who should determine these? How do we know they are accurate? Acceptable risk levels?
Risk Analysis • Probability <10% = very low10-25% = low25-50% = moderate50-75% = high>75% = very high insignificanttolerableseriouscatastrophic • Effects
Paying multiple SA funds through a single interface Aimed at Small Enterprises Clients connect via the Internet Links to the Banks’ payment and clearing network Links directly to the Tax Office Case study - EC superannuation payments
E-commerce Adversaries Trusted Hackers Malicious Hackers Disgruntled Employees Industrial Spies Terrorist Special Interest Groups Journalists Real Spies Criminals
Client application software Account-number access Password access Documentation of the system Eavesdropping tools Reverse-engineering tools Real-Time monitor tools Resources
Public Disclosure Financial Loss Inconvenience Loss of Trust Compromise Credit Rating Defamation of Character Consequence
“obscurity does not enhance security.” “it is easy for someone to create an algorithm that he himself cannot break.” “some people obsess about key length; a long key does not equal a strong system.” “the problem with bad cryptography is that it looks just like good cryptography.” “the social problems are much harder than the mathematics.” dispelling some cryptography myths
Fault Tree Example Access compromised A Server compromised Client compromised Comms compromised B3 B1 B2 Modified server software Obtained access codes Account name compromised Password compromised C1 C2 C 3 C4
resources knowledge desire expectance {software, account-number, password, documents, eavesdropping, reverse-eng, RT-monitor} { knowledge } { desire } { expectance } = threat-capability threat-intent {Negligible, VLow, Low, Medium, High, VHigh, Certain} {Negligible, VLow, Low, Medium, High, VHigh, Certain} = { Negligible, VLow, Low, Medium, High, VHigh, Certain } {Frequent, Probable, Occasional, Remote, Improbable, ExtremelyImprobable} threat-level threat-frequency = {Negligible, VLow, Low, Medium, High, VHigh, Certain} {PublicDisclosure, FinancialLoss, Inconvenience, LossOfTrust, CompromiseCreditRating, DefamationOfCharacter} threat-exposure threat- consequence f4 [threat-levelxthreat-frequency]-> threat-exposure = Determining the factors that influence Risk Threat signature. Each category of threat has a threat signature. f 1 [resources x knowledge] -> threat-capability f 2 [desire x expectance] ->threat-intent Threat-capability and threat-intent are used to determine threat-level. f 3 [threat-intentx threat-capability] ->threat-level Threat-level and threat-frequency are used to determine threat-exposure Threat-exposure and consequence are used to determine Risk. f 5[threat-exposurexconsequence] ->risk
SWSAHS MINET Dynamic Analysis - Embedding, Integrating and Adapting LEO satellites Telecoms Extranet Risk Engine Wireless application Intranet
Security Risk is dynamic Learn from others – avoid home grown solutions Ongoing reviews and monitoring are essential Good lines of communications must be established Top level management must be involved Don’t be complacent What did we learn about Risk Management?