Title :
Quantitative assessment of cyber security risk using Bayesian network-based model
Author :
Mo, Sheung Yin Kevin ; Beling, Peter A. ; Crowther, Kenneth G.
Author_Institution :
Dept. of Syst. Eng., Univ. of Virginia, Charlottesville, VA, USA
Abstract :
This paper proposes a quantitative model for assessing cyber security risk in information security. The model can be used to evaluate the security readiness of firms in the marketplace through qualitative and quantitative tools. We propose a Bayesian network methodology that can be used to generate a cyber security risk score that takes as input a firm's security profile and data breach statistics. The quantitative model enables cyber risk to be captured in a precise and comparable fashion. The objective of the scoring model is to create a common reference in the marketplace that could enhance incentives for firms to invest and improve their security systems. This paper concludes with a demonstration of scoring an intrusion detection network.
Keywords :
Internet; belief networks; information systems; probability; risk management; security of data; Bayesian network; Internet; cyber security risk; data breach statistics; firm security profile; information security; information system; intrusion detection network; probability; quantitative assessment; Banking; Bayesian methods; Business; Computer security; Data security; Information security; Internet; Protection; Systems engineering and theory; Terrorism;
Conference_Title :
Systems and Information Engineering Design Symposium, 2009. SIEDS '09.
Conference_Location :
Charlottesville, VA
Print_ISBN :
978-1-4244-4531-8
Electronic_ISBN :
978-1-4244-4532-5
DOI :
10.1109/SIEDS.2009.5166177