IDEAS home Printed from https://ideas.repec.org/a/spr/envsyd/v33y2013i4d10.1007_s10669-013-9463-4.html
   My bibliography  Save this article

Assessing ICT risk through a Monte Carlo method

Author

Listed:
  • Fabrizio Baiardi

    (Università di Pisa)

  • Daniele Sgandurra

    (CNR)

Abstract

To assess and manage the risk due to an information and communication system before its deployment, data of interest can be produced by a Monte Carlo method. This paper presents Haruspex, a software tool that applies a Monte Carlo method to simulate intelligent and adaptive threat agents that reach predefined goals through plan with several attacks. The samples that Haruspex collects are used to compute statistics on the agent’s impacts and their plans as well as to select cost-effective countermeasures. We describe the rationale and the implementation of Haruspex, the inputs it requires and the simulation of how the agents select and implement their plans. After discussing the validation and the performance of the first version of Haruspex, we present a case study and the first set of experimental results.

Suggested Citation

  • Fabrizio Baiardi & Daniele Sgandurra, 2013. "Assessing ICT risk through a Monte Carlo method," Environment Systems and Decisions, Springer, vol. 33(4), pages 486-499, December.
    • Handle: RePEc:spr:envsyd:v:33:y:2013:i:4:d:10.1007_s10669-013-9463-4
    DOI: 10.1007/s10669-013-9463-4
    as

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10669-013-9463-4
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.
    File URL: https://libkey.io/10.1007/s10669-013-9463-4?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Hausken, Kjell & Bier, Vicki M., 2011. "Defending against multiple different attackers," European Journal of Operational Research, Elsevier, vol. 211(2), pages 370-384, June.
    2. Theresa Brown & Walt Beyeler & Dianne Barton, 2004. "Assessing infrastructure interdependencies: the challenge of risk analysis for complex adaptive systems," International Journal of Critical Infrastructures, Inderscience Enterprises Ltd, vol. 1(1), pages 108-117.
    3. Vicki Bier & Santiago Oliveros & Larry Samuelson, 2007. "Choosing What to Protect: Strategic Defensive Allocation against an Unknown Attacker," Journal of Public Economic Theory, Association for Public Economic Theory, vol. 9(4), pages 563-587, August.
    4. Levitin, Gregory & Ben-Haim, Hanoch, 2008. "Importance of protections against intentional attacks," Reliability Engineering and System Safety, Elsevier, vol. 93(4), pages 639-646.
    5. Konak, Abdullah & Coit, David W. & Smith, Alice E., 2006. "Multi-objective optimization using genetic algorithms: A tutorial," Reliability Engineering and System Safety, Elsevier, vol. 91(9), pages 992-1007.
    6. Buede, Dennis M. & Mahoney, Suzanne & Ezell, Barry & Lathrop, John, 2012. "Using plural modeling for predicting decisions made by adaptive adversaries," Reliability Engineering and System Safety, Elsevier, vol. 108(C), pages 77-89.
    7. Yacov Y. Haimes, 2006. "On the Definition of Vulnerabilities in Measuring Risks to Infrastructures," Risk Analysis, John Wiley & Sons, vol. 26(2), pages 293-296, April.
    8. Hausken, Kjell, 2010. "Defense and attack of complex and dependent systems," Reliability Engineering and System Safety, Elsevier, vol. 95(1), pages 29-42.
    9. Insua, Insua Rios & Rios, Jesus & Banks, David, 2009. "Adversarial Risk Analysis," Journal of the American Statistical Association, American Statistical Association, vol. 104(486), pages 841-854.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Zachary A. Collier & Igor Linkov & James H. Lambert, 2013. "Four domains of cybersecurity: a risk-based systems approach to cyber decisions," Environment Systems and Decisions, Springer, vol. 33(4), pages 469-470, December.
    2. Fabrizio Baiardi & Federico Tonelli & Alessandro Bertolini, 2015. "Iterative selection of countermeasures for intelligent threat agents," International Journal of Network Management, John Wiley & Sons, vol. 25(5), pages 340-354, September.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Fabrizio Baiardi & Federico Tonelli & Alessandro Bertolini, 2015. "Iterative selection of countermeasures for intelligent threat agents," International Journal of Network Management, John Wiley & Sons, vol. 25(5), pages 340-354, September.
    2. Hausken, Kjell, 2024. "Fifty Years of Operations Research in Defense," European Journal of Operational Research, Elsevier, vol. 318(2), pages 355-368.
    3. Hunt, Kyle & Zhuang, Jun, 2024. "A review of attacker-defender games: Current state and paths forward," European Journal of Operational Research, Elsevier, vol. 313(2), pages 401-417.
    4. Mohammad E. Nikoofal & Mehmet Gümüs, 2015. "On the value of terrorist’s private information in a government’s defensive resource allocation problem," IISE Transactions, Taylor & Francis Journals, vol. 47(6), pages 533-555, June.
    5. Qingqing Zhai & Rui Peng & Jun Zhuang, 2020. "Defender–Attacker Games with Asymmetric Player Utilities," Risk Analysis, John Wiley & Sons, vol. 40(2), pages 408-420, February.
    6. Ríos Insua, David & Cano, Javier & Pellot, Michael & Ortega, Ricardo, 2016. "Multithreat multisite protection: A security case study," European Journal of Operational Research, Elsevier, vol. 252(3), pages 888-899.
    7. Hausken, Kjell, 2017. "Defense and attack for interdependent systems," European Journal of Operational Research, Elsevier, vol. 256(2), pages 582-591.
    8. Bier, Vicki & Gutfraind, Alexander, 2019. "Risk analysis beyond vulnerability and resilience – characterizing the defensibility of critical systems," European Journal of Operational Research, Elsevier, vol. 276(2), pages 626-636.
    9. Zhang, Chi & Ramirez-Marquez, José Emmanuel & Wang, Jianhui, 2015. "Critical infrastructure protection using secrecy – A discrete simultaneous game," European Journal of Operational Research, Elsevier, vol. 242(1), pages 212-221.
    10. Bose, Gautam & Konrad, Kai A., 2020. "Devil take the hindmost: Deflecting attacks to other defenders," Reliability Engineering and System Safety, Elsevier, vol. 204(C).
    11. Rui Peng & Di Wu & Mengyao Sun & Shaomin Wu, 2021. "An attack-defense game on interdependent networks," Journal of the Operational Research Society, Taylor & Francis Journals, vol. 72(10), pages 2331-2341, October.
    12. Song, Cen & Zhuang, Jun, 2017. "N-stage security screening strategies in the face of strategic applicants," Reliability Engineering and System Safety, Elsevier, vol. 165(C), pages 292-301.
    13. Yanling Chang & Alan Erera & Chelsea White, 2015. "A leader–follower partially observed, multiobjective Markov game," Annals of Operations Research, Springer, vol. 235(1), pages 103-128, December.
    14. Jason Merrick & Gregory S. Parnell, 2011. "A Comparative Analysis of PRA and Intelligent Adversary Methods for Counterterrorism Risk Management," Risk Analysis, John Wiley & Sons, vol. 31(9), pages 1488-1510, September.
    15. Bandyopadhyay, Subhayu & Sandler, Todd, 2023. "Voluntary participation in a terror group and counterterrorism policy," Journal of Economic Behavior & Organization, Elsevier, vol. 215(C), pages 500-513.
    16. Bakker, Craig & Webster, Jennifer B. & Nowak, Kathleen E. & Chatterjee, Samrat & Perkins, Casey J. & Brigantic, Robert, 2020. "Multi-Game Modeling for Counter-Smuggling," Reliability Engineering and System Safety, Elsevier, vol. 200(C).
    17. Rui Fang & Xiaohu Li, 2020. "A stochastic model of cyber attacks with imperfect detection," Communications in Statistics - Theory and Methods, Taylor & Francis Journals, vol. 49(9), pages 2158-2175, May.
    18. Vineet M. Payyappalli & Jun Zhuang & Victor Richmond R. Jose, 2017. "Deterrence and Risk Preferences in Sequential Attacker–Defender Games with Continuous Efforts," Risk Analysis, John Wiley & Sons, vol. 37(11), pages 2229-2245, November.
    19. Dogucan Mazicioglu & Jason R. W. Merrick, 2018. "Behavioral Modeling of Adversaries with Multiple Objectives in Counterterrorism," Risk Analysis, John Wiley & Sons, vol. 38(5), pages 962-977, May.
    20. Zhang, Jing & Zhuang, Jun & Jose, Victor Richmond R., 2018. "The role of risk preferences in a multi-target defender-attacker resource allocation game," Reliability Engineering and System Safety, Elsevier, vol. 169(C), pages 95-104.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:spr:envsyd:v:33:y:2013:i:4:d:10.1007_s10669-013-9463-4. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sonal Shukla or Springer Nature Abstracting and Indexing (email available below). General contact details of provider: http://www.springer.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.