Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Bücher
Zeitschriften
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
ATZ-Fachkongress

Chassis.tech plus 2024


4 Kongresse in einer Veranstaltung

Treffen Sie in München die Fachleute von Chassis, Lenkung, Bremsen sowie Reifen/Räder.
Erweiterte Suche
Anmelden
nach oben

2015 | Buch

Intentional Risk and Cyber-Security: A Motivating Introduction Kapitel lesen Erstes Kapitel lesen

Intentional Risk Management through Complex Networks Analysis

verfasst von: Victor Chapela, Regino Criado, Santiago Moral, Miguel Romance

Verlag: Springer International Publishing

Buchreihe : SpringerBriefs in Optimization

Enthalten in: Springer Professional "Wirtschaft+Technik" , Springer Professional "Technik" , Springer Professional "Wirtschaft"

Einloggen, um Zugang zu erhalten
insite
SUCHEN

Über dieses Buch

​​This book combines game theory and complex networks to examine intentional technological risk through modeling. As information security risks are in constant evolution, the methodologies and tools to manage them must evolve to an ever-changing environment. A formal global methodology is explained in this book, which is able to analyze risks in cyber security based on complex network models and ideas extracted from the Nash equilibrium. A risk management methodology for IT critical infrastructures is introduced which provides guidance and analysis on decision making models and real situations. This model manages the risk of succumbing to a digital attack and assesses an attack from the following three variables: income obtained, expense needed to carry out an attack, and the potential consequences for an attack. Graduate students and researchers interested in cyber security, complex network applications and intentional risk will find this book useful as it is filled with a number of models, methodologies and innovative examples. ​

Inhaltsverzeichnis

Frontmatter
Chapter 1. Intentional Risk and Cyber-Security: A Motivating Introduction
Abstract
Protecting digital assets has become increasingly difficult. For cyber-attackers, a successful infiltration will grant them valuable stolen assets or confer them beneficial strategic advantages. The main driver to assess the risk of a cyber-attack is the expected profit or benefit that the attacker will gain out of it. Two theoretical elements configure the pillars for a suitable high-level mathematical cyber-security model. On one hand, Game Theory, based on the stability analysis of the John Nash equilibrium Intentionality management and, on the other hand, Complex Network Theory (structure and dynamics) that provides a physical and logical structure where the game is played. The aim of this book is to present this cyber-risk management methodology and tools together with the scientific, mathematical and theoretical basis to support it. We present this management methodology by introducing the concept of intentionality as the backbone of cyber-risk management. This will allow information security professionals to better decision-making through real-time scenario analysis.
Victor Chapela, Regino Criado, Santiago Moral, Miguel Romance
Chapter 2. Mathematical Foundations: Complex Networks and Graphs (A Review)
Abstract
It is possible that the main approach to capture the global properties of complex systems is to model them as networks (graphs) whose nodes represent the units, and whose links stand for the interactions between them. This chapter is devoted to establish the main needed concepts on Graph Theory and Complex Networks we will use in building of our mathematical model.
Victor Chapela, Regino Criado, Santiago Moral, Miguel Romance
Chapter 3. Random Walkers
Abstract
There are several papers where the classical description of random walkers on a graph and on a network are given (Tetali, J Theor Probab 4:101–109, 1991; Wilson, Introduction to graph theory, vol 111. Academic, New York, 1972) although applications to networks with complex topology are quite more recent (Noh and Rieger, Phys Rev Lett 92:118701, 2004; Yang, Phys Rev E 71:016107, 2005). In this chapter we will review the main subjects related to random walkers we will need to introduce the concept of Accessibility in order to build our mathematical model in both contexts: Static Risk and Dynamic Risk. Moreover, we provide a review of the random walker basics. We also introduce the Markov chain mathematical model as a tool in order to ease the study of random surfers’. And finally, we present its applications to the computation of Accessibility in the context of Static and Dynamic Risk.
Victor Chapela, Regino Criado, Santiago Moral, Miguel Romance
Chapter 4. The Role of Accessibility in the Static and Dynamic Risk Computation
Abstract
This chapter is devoted to the description and computation of the A c c e s s i b i l i t y in Static and Dynamic Risk. As we will see, this parameter is essential for the computation of both types of intentional risks.
Victor Chapela, Regino Criado, Santiago Moral, Miguel Romance
Chapter 5. Mathematical Model I: Static Intentional Risk
Abstract
As we have presented in Chap. 1, two different types of risk related to Intentional Risk are identified: The Static Risk and the Dynamic Risk. Roughly speaking, we can summarize their differences as follows:
  • Static Risk: It is opportunistic risk. Its main feature is that this risk follows authorized paths. A clear example of this type of risk is when employees or contractors take data they have authorized access to and use it for personal gain.
  • Dynamic Risk: It is the type of directed intentional risk. It can be identified because of its tendency to follow unauthorized paths. The paradigm for this system is represented by the use of a vulnerability in the system to gain technical or administrative accesses. In other words, Dynamic Risk is directly linked to the use of potentially existing paths (but not authorized) in the network. An example of dynamic risk would be an intrusion to a network by external hackers.
The difference between the two types of risk is SUBSTANTIAL since in the dynamic risk the attacker is ready to MANIPULATE and MODIFY the system and the paths to ACCESS the intended content/part. On the other hand, the static risk is opportunistic and it only uses the authorized paths. The model introduced in this chapter joins together all the research on intentional attack risk modelled from complex networks concepts and it is based on the information accessibility of each element, on its value and on the anonymity level of the attacker. The proposed model of Static Intentional Risk uses an adapted complex network that allows modeling the risk in complex digital environments such as big corporate networks.
Victor Chapela, Regino Criado, Santiago Moral, Miguel Romance
Chapter 6. Mathematical Model II: Dynamic Intentional Risk
Abstract
In this chapter we establish the main definitions related to Dynamical Risk. We build the Dynamic Risk Model by assigning the corresponding attribute (Anonymity, Value, Accessibility) to each element of the new network. In this chapter we also compare both models, Static Risk Model and Dynamic Risk Model, pointing out the differences between them. It is important to highlight here that zero-day attacks are not integrated into the model.
Victor Chapela, Regino Criado, Santiago Moral, Miguel Romance
Chapter 7. Towards the Implementation of the Model
Abstract
As part of our research, we built a Proof of Concept (PoC) software application using real data to model real world computer networks and different types of known risks. Implementing a model most times involves a new set of detailed definitions and procedures that were not required for the high level mathematical model. Our goal was to be able to automate as much as possible the data collection and model generation. We wanted our results to have the least amount possible of human interpretation in the generation of the risk scores. We also wanted to use as inputs of our PoC application existing Open Source network vulnerability scanners and sniffers so that a complete solution could be deployed afterwards in real world scenarios. In this chapter we will go through the new detailed definitions we tested and used in our software as part of the process of building and testing our PoC.
Victor Chapela, Regino Criado, Santiago Moral, Miguel Romance
Backmatter
Metadaten
Titel
Intentional Risk Management through Complex Networks Analysis
verfasst von
Victor Chapela
Regino Criado
Santiago Moral
Miguel Romance
Copyright-Jahr
2015
Electronic ISBN
978-3-319-26423-3
Print ISBN
978-3-319-26421-9
DOI
https://doi.org/10.1007/978-3-319-26423-3

Premium Partner

    Bildnachweise