Visible to the public Information security risk assessment based on decomposition probability via Bayesian Network

TitleInformation security risk assessment based on decomposition probability via Bayesian Network
Publication TypeConference Paper
Year of Publication2020
AuthorsYermalovich, P., Mejri, M.
Conference Name2020 International Symposium on Networks, Computers and Communications (ISNCC)
Date Publishedoct
Keywordsbelief networks, computer security, Cyber-physical systems, cyberattack, cybersecurity, Information security, Information systems, IT Security, Measurement, probability of cyberattacks, pubcrawl, Resiliency, risk assessment, risk management, security, Urban areas, web security
AbstractWell-known approaches to risk analysis suggest considering the level of an information system risk as one frame in a film. This means that we only can perform a risk assessment for the current point in time. This article explores the idea of risk assessment in a future period, as a prediction of what we will see in the film later. In other words, the article presents an approach to predicting a potential future risk and suggests the idea of relying on forecasting the likelihood of an attack on information system assets. To establish the risk level at a selected time interval in the future, one has to perform a mathematical decomposition. To do this, we need to select the required information system parameters for the predictions and their statistical data for risk assessment. This method can be used to ensure more detailed budget planning when ensuring the protection of the information system. It can be also applied in case of a change of the information protection configuration to satisfy the accepted level of risk associated with projected threats and vulnerabilities.
Citation Keyyermalovich_information_2020