RISKEE: A Risk-Tree Based Method for Assessing Risk in Cyber Security

Michael Krisper*, Jürgen Dobaj, Georg Macher, Christoph Schmittner

*Korrespondierende/r Autor/in für diese Arbeit

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem Konferenzband

Abstract

In this paper, the RISKEE method for evaluating risk in cyber security is described. RISKEE is based on attack graphs and the Diamond model combined with the FAIR method for assessing and calculating risk. It can be used to determine the risks of cyber-security attacks as a basis for decision-making. It works by forwarding estimations of attack frequencies and probabilities over an attack graph, calculating the risk at impact nodes with Monte-Carlo simulation, and propagating the resulting risk backward again. The method can be applied throughout all development phases and even be refined at runtime of a system. It involves system analysts, cyber security experts as well as domain experts for judgement of the attack frequencies, system vulnerabilities, and loss magnitudes.

Originalspracheenglisch
TitelSystems, Software and Services Process Improvement - 26th European Conference, EuroSPI 2019, Proceedings
Redakteure/-innenAlastair Walker, Rory V. O’Connor, Richard Messnarz
Herausgeber (Verlag)Springer Verlag
Seiten45-56
Seitenumfang12
ISBN (Print)9783030280048
DOIs
PublikationsstatusVeröffentlicht - Sep 2019
Veranstaltung26th European Conference on Systems, Software and Services Process Improvement, EuroSPI 2019 - Edinburgh, Großbritannien / Vereinigtes Königreich
Dauer: 18 Sep 201920 Sep 2019

Publikationsreihe

NameCommunications in Computer and Information Science
Band1060
ISSN (Print)1865-0929
ISSN (elektronisch)1865-0937

Konferenz

Konferenz26th European Conference on Systems, Software and Services Process Improvement, EuroSPI 2019
LandGroßbritannien / Vereinigtes Königreich
OrtEdinburgh
Zeitraum18/09/1920/09/19

ASJC Scopus subject areas

  • !!Computer Science(all)
  • !!Mathematics(all)

Fields of Expertise

  • Information, Communication & Computing

Fingerprint Untersuchen Sie die Forschungsthemen von „RISKEE: A Risk-Tree Based Method for Assessing Risk in Cyber Security“. Zusammen bilden sie einen einzigartigen Fingerprint.

Dieses zitieren