INFORMATION SECURITY RISK ASSESSMENT UNDER UNCERTAINTY USING DYNAMIC BAYESIAN NETWORKS

R. Sarala, M.Kayalvizhi, G.Zayaraz

Abstract: The risk management process is the key task of every decision maker in an organization. This risk management process should be carried out periodically to review the security of the information assets in the organization. So if this process is to be efficient, the organization should first prioritize the information assets and should employ risk management procedure to avoid potential loss. But the uncertainty in the risk events and the additional tedious task of decision making under risk makes the risk management process inefficient. In this paper, a novel approach is presented; where Dynamic Bayesian Network models are constructed to identify multi stage attacks. The Dynamic Bayesian Network models help to detect the uncertain relationship associated with the risk event. The next task is inferring, where evidence is updated dynamically for the multiple time slices. Finally, a diagrammatic representation of the attack scenario and the constructed Dynamic Bayesian Network is shown to explain the effectiveness of the model in identifying multi stage attacks

Keywords: Information Security Risk Assessment, Information assets, Multi stage attacks, Uncertainty, Decision making

DOI: https://doi.org/10.15623/ijret.2014.0319055