Dynamic Security Risk Management Considering Systems Structural and Probabilistic Attributes
Today’s cyber-attacks are getting more sophisticated and their volume is consistently growing. Organizations suffer from various attacks in their lifetime each of which exploiting different vulnerabilities, therefore, preventing them all is not affordable nor effective. Hence, selecting the optimal set of security countermeasures to protect IT assets from being compromised is a challenging task which requires various considerations such as vulnerabilities characteristics, countermeasures effectiveness, existing security policies and budget limitations. In this paper, a dynamic security risk management framework is presented which identifies the optimal risk mitigation plans for preventing ongoing cyber-attacks regarding limited budget. Structural and probabilistic analysis of system model are conducted in two parallel and independent aspects in which the most probable system's risk hotspots are identified. Suitability of countermeasures are also calculated based on their ability in covering vulnerabilities and organizational security policies. Moreover, a novel algorithm for dynamically conducting cost-benefit analysis is proposed which identifies optimal security risk mitigation plans. Finally, practical applicability is ensured by using a case study.
- حق عضویت دریافتی صرف حمایت از نشریات عضو و نگهداری، تکمیل و توسعه مگیران میشود.
- پرداخت حق اشتراک و دانلود مقالات اجازه بازنشر آن در سایر رسانههای چاپی و دیجیتال را به کاربر نمیدهد.