Security Attribute Evaluation Method: A Cost Benefit Analysis

Security attribute evaluation method a cost benefit analysis l.jpg
1 / 39
0
0
1115 days ago, 456 views
PowerPoint PPT Presentation

Presentation Transcript

Slide 1

Security Attribute Evaluation Method: A Cost Benefit Analysis Shawn A. Head servant Computer Science Department Carnegie Mellon University 9 November 2001

Slide 2

M S We generally appear to need more security! Don't we have enough? Hello Boss, we require more security. I think we ought to get the new Acme 2000 Hacker Abolisher

Slide 3

M S What are my choices ? Believe me , we will be more secure! What is it going to cost ? What is the additional esteem ?

Slide 4

Alternatives? Esteem? S

Slide 5

Problem Security directors need organized money saving advantage techniques to assess and look at option security arrangements.

Slide 6

System Design Available Countermeasures Threats Security Components Prioritized Risks Select Countermeasures Risk Assessment Requirements Policies Outcomes Security Architecture Development Process Develop Security Architecture Security Architecture

Slide 7

System Design Available Countermeasures Threats Security Components Prioritized Risks Select Countermeasures Develop Security Architecture Risk Assessment Requirements Policies Outcomes Security Architecture Security Architecture Development Process

Slide 8

Threats Prioritized Risks Risk Assessment Outcomes The Multi Attribute Risk Assessment Determine dangers and results Assess result property estimations Assess weights Compute danger files Sensitivity Analysis

Slide 9

Threats Scanning Procedural Violation Browsing Distributed Denial of Service Password Nabbing Personal Abuse Signal Interception : 29 Threats Outcome Attributes Lost Productivity Lost Revenue Regulatory Penalties Reputation Lives Lost Lawsuits : O i = (Lost Prod, Lost Rev, Reg Penalties, Reputation) Determine Threats and Outcomes

Slide 10

Assess Outcome Attribute Values

Slide 11

Weight (w i ) Order Rank 1 .42 .08 .17 .33 100 20 40 80 Prioritize and Assess Weights (Swing Weight Method) Worst Best Lost Prod Lost Rev Reg Penal Reputation 240 hrs $12,000 3 4 0 hrs $0 0 4 3 2

Slide 12

So decide Value Functions V j (x j ) 1 0 3 12,000 0 240 4 P: Lost Productivity 0 G: Regulatory Penalties L: Lost Revenue R: Reputation Compute Threat Indices Hours + $$ + Reputation + Regulatory Penalties = ? Rubbish ! L(x 1 ) $$ + P(x 2 )Hours + R(x 3 )Reputation + G(x 4 )Regulatory Penalties = TI

Slide 13

Expected danger p expected  ( j=attributes W j  V j (x j expected )) Threat file TI a = Freq a  [ p low  ( j=attributes W j  V j (x j low )) + p expected  ( j=attributes W j  V j (x j expected )) + p high  ( j=attributes W j  V j (x j high )) ] Computing the Threat Index

Slide 14

Scanning in More Detail .01 = p low  ( j=attributes W j  V j (x j low )) .07 = p expected  ( j=attributes W j  V j (x j expected )) .00 = p high  ( j=attributes W j  V j (x j high )) 10,220  (.01 +.07 +.00)  886.57

Slide 15

Risk Assessment Results

Slide 16

But shouldn't something be said about the numbers?

Slide 17

Risk Assessment Sensitivity Analysis Attack Frequencies Outcome Attribute Values Attribute Weights

Slide 18

Probability Distributions Scanning Frequency Dist Scanning Reputation Dist

Slide 20

Change in TI Rankings ?

Slide 21

0.160 Mean=11.004 0.140 0.120 0.100 Prob Density 0.080 0.060 0.040 0.020 0.000 0 10 20 30 Rank 5% 90% 5% 6 25 Cryptographic Compromise Distribution

Slide 22

Compromise/Low/L45 Alteration/Low/F37 .075 - .063 Denial of Service/Anti-S.../Y49 Logic Bomb/FREQ/year/B24 .061 Trojan Horse/Low/F44 .057 Procedural Violation/Bio.../AR35 .054 - .053 Scanning/URL Block/AA34 Message Stream Mod/Crypt.../AE48 .048 - .048 Logic Bomb/Auditing/AU55 Procedural Violation/e-S.../AO35 .046 Passwrod Nabbing/Line En.../AB46 .046 Personal Abuse/Low/F52 .046 Trap Door/Auditing/AU47 .045 Std b Coefficients Regression Sensitivity - .639 Reputation Outcome - .213 Reputation/w j Lost Productivity/K30 .19 .078 - 1 - 0.75 - 0.5 - 0.25 0 0.25 0.5 0.75 1

Slide 23

Sensitivity Analysis How touchy are the responses to estimation mistakes? Does it make a difference if the evaluations are not exact? How precise do they need to be before the choice changes? At the point when is it imperative to assemble extra data?

Slide 24

System Design Available Countermeasures Security Components Select Countermeasures Requirements Policies Security Architecture Selecting Countermeasures Threats Prioritized Risks Develop Security Architecture Risk Assessment Outcomes

Slide 25

Security Attribute Evaluation Method (SAEM) What is SAEM? An organized money saving advantage examination method for assessing and selecting elective security plans Why SAEM? Security administrators make unequivocal their suppositions Decision justification is caught Sensitivity examination demonstrates how suspicions influence plan choices Design choices are re-assessed reliably when presumptions change Stakeholders see whether their speculation is predictable with hazard desires

Slide 26

System Design Available Countermeasures Security Components Select Countermeasures Policies Requirements SAEM Process Evaluation Method Assess security innovation benefits Evaluate security innovation benefits Assess scope Analyze Costs Prioritized Risks

Slide 27

Effectiveness Percentages Security Tech Auth Policy Serv Virtual Priv Net Hardened OS Net Monitors Prxy Firewall Vuln Assess PF Firewall Host IDS Net IDS Auditing Threat Assess Security Technology Benefits

Slide 28

Evaluate Security Technology Benefits Security Tech Auth Policy Serv Virtual Priv Net Hardened OS Net Monitors Prxy Firewall Vuln Assess PF Firewall Host IDS Net IDS Auditing Threat

Slide 29

Prioritized Technologies

Slide 30

Assess Coverage

Slide 31

Host Intrusion Detection Coverage

Slide 32

Auditing Coverage

Slide 33

Analyze Costs 589  Host IDS  Net IDS  Auditing Threat Index   Auth Policy Server  Smart Cards  Single Sign-on  PKI Cert 0 $20,000 $0 Purchase Cost

Slide 34

SAEM Sensitivity Analysis The helplessness Assessment apparatus is 66% viable. What does that truly mean?

Slide 35

Security Technology Effects on the Risk Assessment Benefit Estimates: Reduce Frequency Change Outcomes Vulnerability Assess Scanner Benefit Distribution

Slide 36

Top 25 Countermeasure Rankings Reduced Frequency

Slide 37

Countermeasure Rank Overlaps

Slide 38

Outcome Changes Procedural Violations Reputation After Before

Slide 39

Preliminary Results Risk Assessment danger records reflect security administrator's worries in light of meetings and criticism Security supervisors can gauge innovation benefits in view of experience, hierarchical ability levels, and risk desires Sensitivity Analysis is vital to method in view of instability of presumptions

SPONSORS