IDEAS home Printed from https://ideas.repec.org/a/spr/envsyd/v33y2013i4d10.1007_s10669-013-9463-4.html

Assessing ICT risk through a Monte Carlo method

Author

Listed:
  • Fabrizio Baiardi

    (Università di Pisa)

  • Daniele Sgandurra

    (CNR)

Abstract

To assess and manage the risk due to an information and communication system before its deployment, data of interest can be produced by a Monte Carlo method. This paper presents Haruspex, a software tool that applies a Monte Carlo method to simulate intelligent and adaptive threat agents that reach predefined goals through plans with several attacks. The samples that Haruspex collects are used to compute statistics on the agents’ impacts and their plans as well as to select cost-effective countermeasures. We describe the rationale and the implementation of Haruspex, the inputs it requires and the simulation of how the agents select and implement their plans. After discussing the validation and the performance of the first version of Haruspex, we present a case study and the first set of experimental results.

Suggested Citation

  • Fabrizio Baiardi & Daniele Sgandurra, 2013. "Assessing ICT risk through a Monte Carlo method," Environment Systems and Decisions, Springer, vol. 33(4), pages 486-499, December.
  • Handle: RePEc:spr:envsyd:v:33:y:2013:i:4:d:10.1007_s10669-013-9463-4
    DOI: 10.1007/s10669-013-9463-4

    Download full text from publisher

    File URL: http://link.springer.com/10.1007/s10669-013-9463-4
    File Function: Abstract
    Download Restriction: Access to the full text of the articles in this series is restricted.


    References listed on IDEAS

    1. Theresa Brown & Walt Beyeler & Dianne Barton, 2004. "Assessing infrastructure interdependencies: the challenge of risk analysis for complex adaptive systems," International Journal of Critical Infrastructures, Inderscience Enterprises Ltd, vol. 1(1), pages 108-117.
    2. Levitin, Gregory & Ben-Haim, Hanoch, 2008. "Importance of protections against intentional attacks," Reliability Engineering and System Safety, Elsevier, vol. 93(4), pages 639-646.
    3. Vicki Bier & Santiago Oliveros & Larry Samuelson, 2007. "Choosing What to Protect: Strategic Defensive Allocation against an Unknown Attacker," Journal of Public Economic Theory, Association for Public Economic Theory, vol. 9(4), pages 563-587, August.
    4. Buede, Dennis M. & Mahoney, Suzanne & Ezell, Barry & Lathrop, John, 2012. "Using plural modeling for predicting decisions made by adaptive adversaries," Reliability Engineering and System Safety, Elsevier, vol. 108(C), pages 77-89.
    5. Insua, Insua Rios & Rios, Jesus & Banks, David, 2009. "Adversarial Risk Analysis," Journal of the American Statistical Association, American Statistical Association, vol. 104(486), pages 841-854.
    6. Hausken, Kjell & Bier, Vicki M., 2011. "Defending against multiple different attackers," European Journal of Operational Research, Elsevier, vol. 211(2), pages 370-384, June.
    7. Konak, Abdullah & Coit, David W. & Smith, Alice E., 2006. "Multi-objective optimization using genetic algorithms: A tutorial," Reliability Engineering and System Safety, Elsevier, vol. 91(9), pages 992-1007.
    8. Yacov Y. Haimes, 2006. "On the Definition of Vulnerabilities in Measuring Risks to Infrastructures," Risk Analysis, John Wiley & Sons, vol. 26(2), pages 293-296, April.
    9. Hausken, Kjell, 2010. "Defense and attack of complex and dependent systems," Reliability Engineering and System Safety, Elsevier, vol. 95(1), pages 29-42.

    Citations



    Cited by:

    1. Zachary A. Collier & Igor Linkov & James H. Lambert, 2013. "Four domains of cybersecurity: a risk-based systems approach to cyber decisions," Environment Systems and Decisions, Springer, vol. 33(4), pages 469-470, December.
    2. Fabrizio Baiardi & Federico Tonelli & Alessandro Bertolini, 2015. "Iterative selection of countermeasures for intelligent threat agents," International Journal of Network Management, John Wiley & Sons, vol. 25(5), pages 340-354, September.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Fabrizio Baiardi & Federico Tonelli & Alessandro Bertolini, 2015. "Iterative selection of countermeasures for intelligent threat agents," International Journal of Network Management, John Wiley & Sons, vol. 25(5), pages 340-354, September.
    2. Hausken, Kjell, 2024. "Fifty Years of Operations Research in Defense," European Journal of Operational Research, Elsevier, vol. 318(2), pages 355-368.
    3. Hunt, Kyle & Zhuang, Jun, 2024. "A review of attacker-defender games: Current state and paths forward," European Journal of Operational Research, Elsevier, vol. 313(2), pages 401-417.
    4. Qingqing Zhai & Rui Peng & Jun Zhuang, 2020. "Defender–Attacker Games with Asymmetric Player Utilities," Risk Analysis, John Wiley & Sons, vol. 40(2), pages 408-420, February.
    5. Ríos Insua, David & Cano, Javier & Pellot, Michael & Ortega, Ricardo, 2016. "Multithreat multisite protection: A security case study," European Journal of Operational Research, Elsevier, vol. 252(3), pages 888-899.
    6. Mohammad E. Nikoofal & Mehmet Gümüs, 2015. "On the value of terrorist’s private information in a government’s defensive resource allocation problem," IISE Transactions, Taylor & Francis Journals, vol. 47(6), pages 533-555, June.
    7. Hausken, Kjell, 2017. "Defense and attack for interdependent systems," European Journal of Operational Research, Elsevier, vol. 256(2), pages 582-591.
    8. Zhang, Chi & Ramirez-Marquez, José Emmanuel & Wang, Jianhui, 2015. "Critical infrastructure protection using secrecy – A discrete simultaneous game," European Journal of Operational Research, Elsevier, vol. 242(1), pages 212-221.
    9. Song, Cen & Zhuang, Jun, 2017. "N-stage security screening strategies in the face of strategic applicants," Reliability Engineering and System Safety, Elsevier, vol. 165(C), pages 292-301.
    10. Bakker, Craig & Webster, Jennifer B. & Nowak, Kathleen E. & Chatterjee, Samrat & Perkins, Casey J. & Brigantic, Robert, 2020. "Multi-Game Modeling for Counter-Smuggling," Reliability Engineering and System Safety, Elsevier, vol. 200(C).
    11. Rui Fang & Xiaohu Li, 2020. "A stochastic model of cyber attacks with imperfect detection," Communications in Statistics - Theory and Methods, Taylor & Francis Journals, vol. 49(9), pages 2158-2175, May.
    12. Vineet M. Payyappalli & Jun Zhuang & Victor Richmond R. Jose, 2017. "Deterrence and Risk Preferences in Sequential Attacker–Defender Games with Continuous Efforts," Risk Analysis, John Wiley & Sons, vol. 37(11), pages 2229-2245, November.
    13. Bandyopadhyay, Subhayu & Sandler, Todd, 2023. "Voluntary participation in a terror group and counterterrorism policy," Journal of Economic Behavior & Organization, Elsevier, vol. 215(C), pages 500-513.
    14. Zhang, Jing & Zhuang, Jun & Jose, Victor Richmond R., 2018. "The role of risk preferences in a multi-target defender-attacker resource allocation game," Reliability Engineering and System Safety, Elsevier, vol. 169(C), pages 95-104.
    15. Yacov Y. Haimes & Kenneth Crowther & Barry M. Horowitz, 2008. "Homeland security preparedness: Balancing protection with resilience in emergent systems," Systems Engineering, John Wiley & Sons, vol. 11(4), pages 287-308, December.
    16. Xing Gao & Weijun Zhong & Shue Mei, 2013. "Information Security Investment When Hackers Disseminate Knowledge," Decision Analysis, INFORMS, vol. 10(4), pages 352-368, December.
    17. Jorge González-Ortega & Refik Soyer & David Ríos Insua & Fabrizio Ruggeri, 2021. "An Adversarial Risk Analysis Framework for Batch Acceptance Problems," Decision Analysis, INFORMS, vol. 18(1), pages 25-40, March.
    18. Yacov Y. Haimes, 2011. "On the Complex Quantification of Risk: Systems‐Based Perspective on Terrorism," Risk Analysis, John Wiley & Sons, vol. 31(8), pages 1175-1186, August.
    19. Yan, Xihong & Ren, Xiaorong & Nie, Xiaofeng, 2022. "A budget allocation model for domestic airport network protection," Socio-Economic Planning Sciences, Elsevier, vol. 82(PB).
    20. Wei Wang & Francesco Di Maio & Enrico Zio, 2019. "Adversarial Risk Analysis to Allocate Optimal Defense Resources for Protecting Cyber–Physical Systems from Cyber Attacks," Risk Analysis, John Wiley & Sons, vol. 39(12), pages 2766-2785, December.
