Upload File

cyber risk scoring and mitigation (crism · cost-effective mitigation plan. organizations need...

  • Home
  • Documents
  • CYBER RISK SCORING AND MITIGATION (CRISM · cost-effective mitigation plan. Organizations need tools to aid in continuous assessment their cyber resilience capabilities. Developed
1
CYBER RISK SCORING AND MITIGATION (CRISM©) Md Ali Reza Al Amin, Old Dominion University Advisor: Dr. Sachin Shetty, Old Dominion University HOMELAND SECURITY CHALLENGE APPROACH / METHODOLOGY OUTCOMES / RESULTS CONCLUSION ACKNOWLEDGEMENTS This material is based on work supported by the U.S. Department of Homeland Security under Grant Award Number 2015-ST-061-CIRC01. Passive scans to map the computer systems and networks. Discover vulnerabilities using Network Vulnerability Tests and extract information using National Vulnerability Databases and Common Vulnerability Scoring System. Generate Bayesian attack Graphs which compose and correlate the vulnerabilities to identify potential for multi-stage attacks and likelihood of exploitability. Compute cyber risk score for the enterprise system. Security metrics will play a key role in supporting risk management and mitigation decisions for DHS stakeholders. Availability of quantitative insights ensure operational resilience and assist in development of cost-effective mitigation plan. Organizations need tools to aid in continuous assessment their cyber resilience capabilities. Developed CRISM ©, a cyber security risk assessment tool for IT and OT sectors. Distills complex threat analysis processes into a single numerical risk score. Provides a detailed, prioritized mitigation plan. Employs an easy-to-use interface and advanced visualization techniques to ensure information synthesis. Displays risk scores in a variety of ways, depending on needs. Identifies specific vulnerabilities and potential attack paths. Builds enterprise-wide awareness of risk. Avoids costly security breaches that could cost your company and your customers’ money and time. Applies to any industry, from financial, healthcare, military and beyond. Using CRISM ©, we are able to better understand the causal relationships between preconditions, vulnerability exploitations, and postconditions. By employing CRISM © in a network it can save tremendous time and manpower in terms of vulnerability detection and mitigation plan. CRISM © leveraged the issue of selecting security controls from the large space of optimization where efficient selection of security measure is crucial while maintaining network QoS.

Upload: vocong

Post on 01-Aug-2019

218 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: CYBER RISK SCORING AND MITIGATION (CRISM · cost-effective mitigation plan. Organizations need tools to aid in continuous assessment their cyber resilience capabilities. Developed

CYBER RISK SCORING AND MITIGATION (CRISM©)Md Ali Reza Al Amin, Old Dominion University

Advisor: Dr. Sachin Shetty, Old Dominion University

HOMELAND SECURITY CHALLENGE

APPROACH / METHODOLOGY

OUTCOMES / RESULTS

CONCLUSION

ACKNOWLEDGEMENTS

This material is based on work supported by the U.S. Department of Homeland Security under Grant Award Number 2015-ST-061-CIRC01.

Passive scans to map the computer systems andnetworks.

Discover vulnerabilities using NetworkVulnerability Tests and extract information usingNational Vulnerability Databases and CommonVulnerability Scoring System.

Generate Bayesian attack Graphs whichcompose and correlate the vulnerabilities toidentify potential for multi-stage attacks andlikelihood of exploitability.

Compute cyber risk score for the enterprisesystem.

Security metrics will play a key role in supporting risk management and mitigation decisionsfor DHS stakeholders.

Availability of quantitative insights ensure operational resilience and assist in development ofcost-effective mitigation plan.

Organizations need tools to aid in continuous assessment their cyber resilience capabilities.

Developed CRISM ©, a cyber security risk assessment tool for IT and OT sectors. Distills complex threat analysis processes into a single numerical risk score. Provides a detailed, prioritized mitigation plan. Employs an easy-to-use interface and advanced visualization techniques to ensure

information synthesis. Displays risk scores in a variety of ways, depending on needs. Identifies specific vulnerabilities and potential attack paths. Builds enterprise-wide awareness of risk. Avoids costly security breaches that could cost your company and your customers’ money

and time. Applies to any industry, from financial, healthcare, military and beyond.

Using CRISM ©, we are able to better understand the causal relationships betweenpreconditions, vulnerability exploitations, and postconditions. By employing CRISM © in anetwork it can save tremendous time and manpower in terms of vulnerability detection andmitigation plan. CRISM © leveraged the issue of selecting security controls from the large spaceof optimization where efficient selection of security measure is crucial while maintainingnetwork QoS.

Continuous Industrial Cyber Risk Mitigation with … · Continuous Industrial Cyber Risk Mitigation with Managed Services Monitoring and ... 2009 Process control systems Network

Mitigation and Resilience of Cyber Risk - actuaries.org.hk GI Seminar 2016/05... · Mitigation and Resilience of Cyber Risk . 2 ... • The physical world used resilience and mitigation

New Technologies in Cyber Detection and Mitigation & How ...€¦ · New Technologies in Cyber Detection and Mitigation & How to Achieve an Effective and Practical Incident Response

Cyber Green Improving Cyber Health through Measurement and Mitigation Yurie Ito JPCERT/CC

Generation and Evaluation of Systematic CRISM Mineral Indicator …crism.jhuapl.edu/.../docs/CRISM_MSL_CDP_workshop_4_100927.pdf · 1 Generation and Evaluation of Systematic CRISM

CYBER BREACH MITIGATION - TPPA€¦ · -Target Mitigation Of 80% Of Cyber Risk At A Reasonable Cost -Deploy Cyber Insurance For Balance Sheet Protection From Other 20%. -Many Cyber

10. prelude for objective mitigation to cyber threats

The Evolution of Cyber Risk and Mitigation Strategies

Tying cyber attacks to business processes, for faster mitigation

MRO CRISM TRR3 Hyperspectral Data Filtering

Cyber Green Improving Cyber Health through Measurement and Mitigation

Cyber Threat Intelligence - CTI · Ανοιχτές Πηγές - Open Source Intelligence ... exchange cyber threat information for the detection, prevention, and mitigation of cyber

CRISM (Compact Reconnaissance Imaging Spectrometer for

Cyber-Physical Systems Security Risk Modeling and Mitigation

Cyber Physical System Security - Iowa State Universitys2erc.iastate.edu/wp-content/uploads/gmani_2014... · Cyber Physical System Security ... •Mitigation Research 4 •Cyber-Physical

Interference Mitigation for Cyber-Physical Wireless Body Area Network … · IEEE TRANSACTIONS ON EMERGING TOPICS IN COMPUTING Zhang et al.: Interference Mitigation for Cyber-Physical

CRISM MAPPING OF CHLORIDE DEPOSITS AT CENTRAL …

Software Safety and Security Risk Mitigation in Cyber

Cyber Green Improving Cyber Health through Measurement and Mitigation · Improving Cyber Health through Measurement and Mitigation Yurie Ito . Director, JPCERT/CC . Context for the

The Cyber Threat Landscape and Risk Mitigation Strategies ... · The Cyber Threat Landscape and Risk Mitigation Strategies for Hospitals and Nursing Homes JoEllen Frain. Agenda •

CYBER SECURITY - CYBER RISK MANAGEMENT AND MITIGATION

Advanced Cyber-Threat Intelligence, Detection, and Mitigation

Evolution of Cyber-liability: Mitigation - AFP Online · Evolution of Cyber-liability: Mitigation Kevin ... • Lose a laptop or other device ... Review sample contracts from its

Risk Mitigation for Dynamic State Estimation Against Cyber ... · Risk Mitigation for Dynamic State Estimation Against Cyber Attacks and ... a security-oriented cyber-physical state

Advanced Cyber Threat Intelligence, Detection, and Mitigation · Advanced Cyber–Threat Intelligence, Detection, and Mitigation Platform for a Trusted Internet of Things Grant Agreement:

Cisco Provides Essential Cyber Solutions for Continuous Diagnostics and Mitigation

Foiling the 'Cyber Kill Chain' - Mitigation Strategies for

Cyber Loss Mitigation For Directors - Chubb

Implantable Medical Devices - Cyber Risks and Mitigation ... · Implantable Medical Devices – Cyber Risks and Mitigation Approaches NIST Cyber Physical Systems Workshop April 23-24,

Finding your data with CRISM-map · CRISM-map web site •Great tool to find exciting CRISM observations – Possesses all targeted CRISM data delivered to PDS •Uses browse products

CRISM MSL CDP Overview - NASA · CRISM MSL CDP Overview 3 rd MSL Landing Site Selection Workshop F. Seelos, O. Barnouin-Jha, S. Murchie, A. Regiec. 09/15/2008 CRISM MSL CDP FPS; OSB

Continuous Industrial Cyber Risk Mitigation with Managed Services Monitoring and Alerting

CRISM Data Users' Workshop CAT Tutorial

Evolution of Cyber-liability: Mitigation - AFP Online · PDF file · 2016-04-12Evolution of Cyber-liability: Mitigation Kevin Kalinich, J.D. ... Key area for extra service sales

Cyber Security: Real Examples, Mitigation, and Additional