Article: Risk management of an information infrastructure: a framework based upon security dependencies Journal: International Journal of System of Systems Engineering (IJSSE) 2008 Vol.1 No.1/2 pp.237 - 256 Abstract: A mathematical framework for the risk management of information infrastructures is presented. The framework describes the infrastructure at distinct abstraction layers by integrating four abstract models that describe, respectively, the relation among components due to the implementation, how rights are managed so that they are taken and granted among threat or users, the vulnerabilities and the attacks they enable against, respectively, components and users. Each model corresponds to a distinct approach to formally deduce the rights a threat can achieve on the infrastructure components and its features influence the security properties and the rights that can be acquired through attacks. The framework considers intelligent threats, each trying to achieve one in a set of goals. To this purpose, a threat implements a strategy that compose elementary attacks. Strategies can be discovered and formally represented as a graph or a finite state automaton. Starting from this formal representation, countermeasures can be considered and analysed so that a proper set of cost effective countermeasures can be applied to define a risk mitigation plan.We show that such a set is always non-redundant because it stops all and only the attacks resulting in a set of goals. Lastly, we show how probabilities of attacks and risk can be considered. Inderscience Publishers - linking academia, business and industry through research

Title: Risk management of an information infrastructure: a framework based upon security dependencies

Authors: F. Baiardi, C. Telmon

Addresses: Dipartimento di Informatica and Polo G.Marconi, La Spezia Universita di Pisa, Italy. ' Dipartimento di Informatica and Polo G.Marconi, La Spezia Universita di Pisa, Italy

Abstract: A mathematical framework for the risk management of information infrastructures is presented. The framework describes the infrastructure at distinct abstraction layers by integrating four abstract models that describe, respectively, the relation among components due to the implementation, how rights are managed so that they are taken and granted among threat or users, the vulnerabilities and the attacks they enable against, respectively, components and users. Each model corresponds to a distinct approach to formally deduce the rights a threat can achieve on the infrastructure components and its features influence the security properties and the rights that can be acquired through attacks. The framework considers intelligent threats, each trying to achieve one in a set of goals. To this purpose, a threat implements a strategy that compose elementary attacks. Strategies can be discovered and formally represented as a graph or a finite state automaton. Starting from this formal representation, countermeasures can be considered and analysed so that a proper set of cost effective countermeasures can be applied to define a risk mitigation plan.We show that such a set is always non-redundant because it stops all and only the attacks resulting in a set of goals. Lastly, we show how probabilities of attacks and risk can be considered.

Keywords: critical infrastructures; ICT systems; attacks; attack strategies; vulnerabilities; risk assessment; risk mitigation; security dependencies; critical information infrastructures.

DOI: 10.1504/IJSSE.2008.018139

International Journal of System of Systems Engineering, 2008 Vol.1 No.1/2, pp.237 - 256

Published online: 02 May 2008 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: Risk management of an information infrastructure: a framework based upon security dependencies

Keep up-to-date