This book provides a scientific modeling approach for conducting metrics-based quantitative risk assessments of cybersecurity vulnerabilities and threats.
This book provides a scientific modeling approach for conducting metrics-based quantitative risk assessments of cybersecurity threats. The author builds from a common understanding based on previous class-tested works to introduce the reader to current and newly innovative approaches for addressing vulnerabilities and threats that are maliciously created by humans (rather than occurring by chance), and the related cost-effective management needed to mitigate such risk. The book is purely statistical and data-oriented (not deterministic) and employs computationally intensive techniques such as Monte Carlo and Discrete Event Simulation. The enriched, ready-to-go Java applications and the solutions to exercises provided by the author at the book's specifically preserved website will enable readers to work through the course-related problems.
Enables the reader to use the applications on the book's website to implement the methods, see the results, and make 'budgetary' sense of them
Utilizes a data analytical approach and provides clear entry points for readers of varying skill sets and backgrounds
Developed by the author out of necessity from real in-class experience while teaching advanced undergraduate and graduate courses
Cyber-Risk Informatics is a resource for undergraduate students, graduate students, and practitioners in the field of Risk Assessment and Management regarding Security and Reliability Modeling.
Mehmet Sahinoglu, a Professor (1990) Emeritus (2000), is the founder of the Informatics Institute (2009) and its SACS-accredited (2010) and NSA-certified (2013) flagship Cybersystems and Information Security (CSIS) graduate program (the first such full degree in-class program in Southeastern USA) at AUM, Auburn University's metropolitan campus in Montgomery, Alabama. He is a fellow member of the SDPS Society, a senior member of the IEEE, and an elected member of ISI. Sahinoglu is the recipient of Microsoft's Trustworthy Computing Curriculum (TCC) award and the author of Trustworthy Computing (Wiley, 2007).
Table of Contents
PROLOGUE, REVIEWS
PREFACE
ACKNOWLEDGMENTS AND DEDICATION
ABOUT THE AUTHOR
Chapter 1 Metrics, Statistical Quality Control and Basic Reliability in Cyber-Risk
Learning Objectives
Abstract
1.1. Deterministic and Stochastic Cyber-Risk Metrics
1.2. Statistical Risk Analysis
1.3. Acceptance Sampling in Quality Control
1.4. Poisson and Normal Approximations to Binomial in Quality Control
1.5. Basic Statistical Reliability Concepts and Monte Carlo Simulators
1.6. Discussions and Conclusion
1.7. Exercises
1.8. References
Chapter 2 Complex Network Reliability Evaluation and Estimation in Cyber-Risk
Learning Objectives
Abstract
2.1. Introduction
2.2. Overlap Technique to Calculate Complex Network Reliability
2.3. The Overlap Method: Monte Carlo and Discrete-Event Simulation
2.4. Multistate System Reliability Evaluation
2.5. Weibull Distributed Reliability Evaluation
2.6. Discussions and Conclusion
2.7. Appendix: Overlap Algorithm and Example
2.8. Exercises
2.9. References
Chapter 3 Stopping Rules for Reliability and Security Tests in Cyber-Risk
Learning Objectives
Abstract
3.1. Introduction
3.2. Methods
3.3. Examples Merging Both Stopping Rules: LGM and CPM
3.4. Stopping Rule for Testing in the Time Domain
3.5. Discussions and Conclusion
3.6. Appendix (Solutions to T4 Analysis)
3.7. Exercises
3.8. References
Chapter 4 Security Assessment and Management in Cyber-Risk
Learning Objectives
Abstract
4.1. Introduction
4.2. Security Meter (SM) Model Design
4.3. Verification of the Probabilistic Security Meter Method by Monte Carlo Simulation and Math-Statistical Triple Product Rule
4.4. Modifying the SM Quantitative Model for Categorical, Hybrid, and Nondisjoint Data
4.5. Maintenance Priority Determination-Example for 3 X 3 X 2 SM
4.6. Privacy Meter (PM): How to Quantify Privacy Breach
4.7. Polish Decoding (Decompression) Algorithm
4.8. Discussions and Conclusion
4.9. Exercises
4.10. References
Chapter 5 Game-Theoretic Computing in Cyber-Risk
Learning Objectives
Abstract
5.1. Historical Perspective to Game Theory's Origins
5.2. Applications of Game Theory to Cybersecurity Risk
5.3. Intuitive Background-Concepts, Definitions and Nomenclature
5.4. Random Probabilistic Selection for Nash Mixed Strategy
5.5. Adversarial Risk Analysis Models by Banks, Rio & Rio
5.6. Alternative Model: Sahinoglu's Security Meter for Neumann and Nash Mixed Strategy
5.7. Other Interdisciplinary Applications of Risk-Meters
5.8. Mixed-Strategy for Risk Assessment and Management - University Server and Social Network Examples
5.9. Application to Health Care Service Risk
5.10. Application to Environmetrics and Ecology Risk
5.11. Application to Digital Forensics Risk
5.12. Application to Business Contracting Risk
5.13. Application to National Cybersecurity Risk
5.14. Application to Airport Service Quality Risk
5.15. Application to Offshore Oil-Drilling Spill and Security Risk
5.16. Discussions and Conclusion
5.17. Exercises
5.18. References
Chapter 6 Modeling and Simulation in Cyber-Risk
Learning Objectives
Abstract
6.1. Introduction and a Brief History to Simulation
6.2. Generic Theory - Case Studies on Goodness of Fit for Uniform Numbers
6.3. Why Crucial to Manufacturing and Cyber Defense
6.4. A Cross Section of Modeling and Simulation in Manufacturing
6.5. A Review of Modeling and Simulation in Cybersecurity
6.6. Application of Queueing Theory and Simulation to Cybersecurity
6.7. Discussions and Conclusion
6.8. Appendix
6.9. Exercises
6.10. References
Chapter 7 Cloud Computing in Cyber-Risk
Learning Objectives
Abstract
7.1. Introduction and Motivation
7.2. Cloud Computing Risk Assessment
7.3. Motivation and Methodology
7.4. Various Applications to Cybersystems
7.5. Large Cyber Systems using Statistical Methods
7.6. Repair Crew and Product Reserve Planning to Manage Risk Cost Effectively Using Cyber-Risk Solver Cloud Management Java Tool
7.7. Remarks for 'Physical Cloud' Employing Physical Products (Servers, Generators, Communication Towers and Others)
7.8. Applications to 'Social (Human Resources) Cloud'
7.9. Stochastic Cloud System Simulation
7.10. Cloud Risk-Meter Analysis
7.11. Discussions