Title :
A Scenario Method to Automatically Assess ICT Risk
Author :
Baiardi, Fabrizio ; Coro, Fabio ; Tonelli, Federico ; Sgandurra, Daniele
Author_Institution :
Dipt. di Inf., Univ. di Pisa, Pisa, Italy
Abstract :
We present an assessment of ICT systems that merges a scenario approach and a Monte Carlo method. To automate the assessment, we have developed two tools. The first one builds a formal description of the vulnerabilities in the target system and of the attacks they enable. Starting from this description, the second tool consider each scenario of interest and it simulate several times how intelligent and adaptive threat agents compose these attacks to reach some goals. By collecting samples in these simulations, this tool returns a database to compute statistics of interest for the assessment, such as the success probability of the agents or their average impacts. After outlining the design of the tools, we discuss a test case to show how they are exploited in a real assessment to manage the corresponding risk.
Keywords :
Monte Carlo methods; multi-agent systems; security of data; ICT systems assessment; Monte Carlo method; adaptive threat agent; formal description; intelligent agent; target system vulnerabilities; Accuracy; Complexity theory; Computational modeling; Databases; Monte Carlo methods; Probability; Topology; Monte Carlo method; intelligent threat agent; risk assessment; vulnerability assessment; vulnerability scanning;
Conference_Titel :
Parallel, Distributed and Network-Based Processing (PDP), 2014 22nd Euromicro International Conference on
Conference_Location :
Torino
DOI :
10.1109/PDP.2014.105
