Cyber-Risk Informatics

Book Description

This book provides a scientific modeling approach for conducting metrics-based quantitative risk assessments of cybersecurity vulnerabilities and threats.

The author builds from a common understanding based on previous class-tested works to introduce the reader to current and newly innovative approaches to address maliciously human-created (rather than chance-occurring) vulnerabilities and threats, and the related cost-effective management to mitigate such risk. The book is purely statistical and data-oriented (not deterministic) and employs computationally intensive techniques such as Monte Carlo and Discrete Event Simulation. The ready-to-go Java applications and solutions to exercises provided by the author on the book's dedicated website enable readers to work through the course-related problems.

• Enables the reader to use the applications on the book's website to implement the models and see results, and to use those results to make ‘budgetary’ sense of risk management decisions

• Utilizes a data analytical approach and provides clear entry points for readers of varying skill sets and backgrounds

• Developed out of necessity from the author's real in-class experience teaching advanced undergraduate and graduate courses

Cyber-Risk Informatics is a resource for undergraduate students, graduate students, and practitioners in the field of Risk Assessment and Management regarding Security and Reliability Modeling.

Mehmet Sahinoglu, Professor (1990) and Professor Emeritus (2000), is the founder of the Informatics Institute (2009) and of its SACS-accredited (2010) and NSA-certified (2013) flagship Cybersystems and Information Security (CSIS) graduate program (the first such full in-class degree program in the Southeastern USA) at AUM, Auburn University’s metropolitan campus in Montgomery, Alabama. He is a Fellow of the SDPS Society, a Senior Member of the IEEE, and an elected member of the ISI. Sahinoglu is the recipient of Microsoft's Trustworthy Computing Curriculum (TCC) award and the author of Trustworthy Computing (Wiley, 2007).


Table of Contents

  1. COVER
  2. TITLE PAGE
  3. ABOUT THE COVER
  4. PROLOGUE
  5. REVIEWS
  6. PREFACE
  7. ACKNOWLEDGMENTS AND DEDICATION
  8. ABOUT THE AUTHOR
  9. 1 METRICS, STATISTICAL QUALITY CONTROL, AND BASIC RELIABILITY IN CYBER-RISK
    1. 1.1 DETERMINISTIC AND STOCHASTIC CYBER-RISK METRICS
    2. 1.2 STATISTICAL RISK ANALYSIS
    3. 1.3 ACCEPTANCE SAMPLING IN QUALITY CONTROL
    4. 1.4 POISSON AND NORMAL APPROXIMATION TO BINOMIAL IN QUALITY CONTROL
    5. 1.5 BASIC STATISTICAL RELIABILITY CONCEPTS AND MC SIMULATORS
    6. 1.6 DISCUSSIONS AND CONCLUSION
    7. 1.7 EXERCISES
    8. REFERENCES
  10. 2 COMPLEX NETWORK RELIABILITY EVALUATION AND ESTIMATION IN CYBER-RISK
    1. 2.1 INTRODUCTION
    2. 2.2 OVERLAP TECHNIQUE TO CALCULATE COMPLEX NETWORK RELIABILITY
    3. 2.3 THE OVERLAP METHOD: MONTE CARLO AND DISCRETE EVENT SIMULATION
    4. 2.4 MULTISTATE SYSTEM RELIABILITY EVALUATION
    5. 2.5 WEIBULL TIME DISTRIBUTED RELIABILITY EVALUATION
    6. 2.6 DISCUSSIONS AND CONCLUSION
    7. APPENDIX 2.A OVERLAP ALGORITHM AND EXAMPLE
    8. 2.7 EXERCISES
    9. REFERENCES
  11. 3 STOPPING RULES FOR RELIABILITY AND SECURITY TESTS IN CYBER-RISK
    1. 3.1 INTRODUCTION
    2. 3.2 METHODS
    3. 3.3 EXAMPLES MERGING BOTH STOPPING RULES: LGM AND CPM
    4. 3.4 STOPPING RULE FOR TESTING IN THE TIME DOMAIN
    5. 3.5 DISCUSSIONS AND CONCLUSION
    6. 3.6 EXERCISES
    7. REFERENCES
  12. 4 SECURITY ASSESSMENT AND MANAGEMENT IN CYBER-RISK
    1. 4.1 INTRODUCTION
    2. 4.2 SECURITY METER (SM) MODEL DESIGN
    3. 4.3 VERIFICATION OF THE PROBABILISTIC SECURITY METER (SM) METHOD BY MONTE CARLO SIMULATION AND MATH-STATISTICAL TRIPLE-PRODUCT RULE
    4. 4.4 MODIFYING THE SM QUANTITATIVE MODEL FOR CATEGORICAL, HYBRID, AND NONDISJOINT DATA
    5. 4.5 MAINTENANCE PRIORITY DETERMINATION FOR 3 × 3 × 2 SM
    6. 4.6 PRIVACY METER (PM): HOW TO QUANTIFY PRIVACY BREACH
    7. 4.7 POLISH DECODING (DECOMPRESSION) ALGORITHM
    8. 4.8 DISCUSSIONS AND CONCLUSION
    9. 4.9 EXERCISES
    10. REFERENCES
  13. 5 GAME-THEORETIC COMPUTING IN CYBER-RISK
    1. 5.1 HISTORICAL PERSPECTIVE TO GAME THEORY’S ORIGINS
    2. 5.2 APPLICATIONS OF GAME THEORY TO CYBER-SECURITY RISK
    3. 5.3 INTUITIVE BACKGROUND: CONCEPTS, DEFINITIONS, AND NOMENCLATURE
    4. 5.4 RANDOM SELECTION FOR NASH MIXED STRATEGY
    5. 5.5 ADVERSARIAL RISK ANALYSIS MODELS BY BANKS, RIOS, AND RIOS
    6. 5.6 AN ALTERNATIVE MODEL: SAHINOGLU’S SECURITY METER FOR NEUMANN AND NASH MIXED STRATEGY
    7. 5.7 OTHER INTERDISCIPLINARY APPLICATIONS OF RISK METERS
    8. 5.8 MIXED STRATEGY FOR RISK ASSESSMENT AND MANAGEMENT: UNIVERSITY SERVER AND SOCIAL NETWORK EXAMPLES
    9. 5.9 APPLICATION TO HOSPITAL HEALTHCARE SERVICE RISK
    10. 5.10 APPLICATION TO ENVIRONMETRICS AND ECOLOGY RISK
    11. 5.11 APPLICATION TO DIGITAL FORENSICS SECURITY RISK
    12. 5.12 APPLICATION TO BUSINESS CONTRACTING RISK
    13. 5.13 APPLICATION TO NATIONAL CYBERSECURITY RISK
    14. 5.14 APPLICATION TO AIRPORT SERVICE QUALITY RISK
    15. 5.15 APPLICATION TO OFFSHORE OIL-DRILLING SPILL AND SECURITY RISK
    16. 5.16 DISCUSSIONS AND CONCLUSION
    17. 5.17 EXERCISES
    18. REFERENCES
  14. 6 MODELING AND SIMULATION IN CYBER-RISK
    1. 6.1 INTRODUCTION AND A BRIEF HISTORY TO SIMULATION
    2. 6.2 GENERIC THEORY: CASE STUDIES ON GOODNESS OF FIT FOR UNIFORM NUMBERS
    3. 6.3 WHY CRUCIAL TO MANUFACTURING AND CYBER DEFENSE
    4. 6.4 A CROSS SECTION OF MODELING AND SIMULATION IN MANUFACTURING INDUSTRY
    5. 6.5 A REVIEW OF MODELING AND SIMULATION IN CYBER-SECURITY
    6. 6.6 APPLICATION OF QUEUING THEORY AND MULTICHANNEL SIMULATION TO CYBER-SECURITY
    7. 6.7 DISCUSSIONS AND CONCLUSION
    8. APPENDIX 6.A
    9. 6.8 EXERCISES
    10. REFERENCES
  15. 7 CLOUD COMPUTING IN CYBER-RISK
    1. 7.1 INTRODUCTION AND MOTIVATION
    2. 7.2 CLOUD COMPUTING RISK ASSESSMENT
    3. 7.3 MOTIVATION AND METHODOLOGY
    4. 7.4 VARIOUS APPLICATIONS TO CYBER SYSTEMS
    5. 7.5 LARGE CYBER SYSTEMS USING STATISTICAL METHODS
    6. 7.6 REPAIR CREW AND PRODUCT RESERVE PLANNING TO MANAGE RISK COST EFFECTIVELY USING CYBERRISKSOLVER CLOUD MANAGEMENT JAVA TOOL
    7. 7.7 REMARKS FOR “PHYSICAL CLOUD” EMPLOYING PHYSICAL PRODUCTS (SERVERS, GENERATORS, COMMUNICATION TOWERS, ETC.)
    8. 7.8 APPLICATIONS TO “SOCIAL (HUMAN RESOURCES) CLOUD”
    9. 7.9 STOCHASTIC CLOUD SYSTEM SIMULATION
    10. 7.10 CLOUD RISK METER ANALYSIS
    11. 7.11 DISCUSSIONS AND CONCLUSION
    12. 7.12 EXERCISES
    13. REFERENCES
  16. 8 SOFTWARE RELIABILITY MODELING AND METRICS IN CYBER-RISK
    1. 8.1 INTRODUCTION, MOTIVATION, AND METHODOLOGY
    2. 8.2 HISTORY AND CLASSIFICATION OF SOFTWARE RELIABILITY MODELS
    3. 8.3 SOFTWARE RELIABILITY MODELS IN TIME DOMAIN
    4. 8.4 SOFTWARE RELIABILITY GROWTH MODELS
    5. 8.5 NUMERICAL EXAMPLES USING PEDAGOGUES
    6. 8.6 RECENT TRENDS IN SOFTWARE RELIABILITY
    7. 8.7 DISCUSSIONS AND CONCLUSION
    8. 8.8 EXERCISES
    9. REFERENCES
  17. 9 METRICS FOR SOFTWARE RELIABILITY FAILURE-COUNT MODELS IN CYBER-RISK
    1. 9.1 INTRODUCTION AND METHODOLOGY ON FAILURE-COUNT ESTIMATION IN SOFTWARE RELIABILITY
    2. 9.2 PREDICTIVE ACCURACY TO COMPARE FAILURE-COUNT MODELS
    3. 9.3 DISCUSSIONS AND CONCLUSION
    4. APPENDIX 9.A
    5. 9.4 EXERCISES
    6. REFERENCES
  18. 10 PRACTICAL HANDS-ON LAB TOPICS IN CYBER-RISK
    1. 10.1 SYSTEM HARDENING
    2. 10.2 EMAIL SECURITY
    3. 10.3 MS-DOS COMMANDS
    4. 10.4 LOGGING
    5. 10.5 FIREWALL
    6. 10.6 WIRELESS NETWORKS
    7. 10.7 DISCUSSIONS AND CONCLUSION
    8. APPENDIX 10.A
    9. 10.8 EXERCISES
    10. REFERENCES
  19. WHAT THE CYBER-RISK INFORMATICS TEXTBOOK AND THE AUTHOR ARE ABOUT?
  20. INDEX
  21. END USER LICENSE AGREEMENT