Assessing ICT risk through a Monte Carlo method

To assess and manage the risk due to an information and communication system before its deployment, data of interest can be produced by a Monte Carlo method. This paper presents Haruspex, a software tool that applies a Monte Carlo method to simulate intelligent and adaptive threat agents that reach...

Full description

Saved in:
Bibliographic Details
Published in:Environment systems & decisions 2013-12, Vol.33 (4), p.486-499
Main Authors: Baiardi, Fabrizio, Sgandurra, Daniele
Format: Article
Language:English
Subjects:
Communication systems
Computer programs
Computer simulation
Control
Cybersecurity
Earth and Environmental Science
Environment
Environmental Management
Graphs
Information technology
Infrastructure
Monte Carlo methods
Monte Carlo simulation
multidisciplinary
Probability
Quality Control
Reliability
Risk assessment
Safety and Risk
Samples
Science
Statistics
Studies
Success
Systems Theory
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:To assess and manage the risk due to an information and communication system before its deployment, data of interest can be produced by a Monte Carlo method. This paper presents Haruspex, a software tool that applies a Monte Carlo method to simulate intelligent and adaptive threat agents that reach predefined goals through plan with several attacks. The samples that Haruspex collects are used to compute statistics on the agent’s impacts and their plans as well as to select cost-effective countermeasures. We describe the rationale and the implementation of Haruspex, the inputs it requires and the simulation of how the agents select and implement their plans. After discussing the validation and the performance of the first version of Haruspex, we present a case study and the first set of experimental results.
ISSN:2194-5403
2194-5411
DOI:10.1007/s10669-013-9463-4