Article

Risk forecast using hidden Markov models


Abstract

Today's fast-moving technologies create innovative ideas, products, and services, but they also bring with them new security risks. The gap between new technologies and the security needed to keep them from opening up new risks in information systems (ISs) can be difficult to close completely. Changes in ISs are inevitable because computing environments, intentionally or unintentionally, are always changing. These changes bring with them vulnerabilities in new or existing ISs, which cause security states to move between mitigated, vulnerable, and compromised states. In previous work, we introduced near real-time risk assessment using hidden Markov models (HMMs). This paper applies that theory to a prototype MATLAB™ environment.

Conference Paper
Conducting risk assessments on organizational assets can be time-consuming, burdensome, and, in many cases, misleading because the security states of assets change dynamically. Risk assessments may present inaccurate or false data if the security postures of the organizational assets change. Each asset can change its security status among the secure, mitigated, vulnerable, and compromised states. The secure state is only temporary and imaginary; it may never exist. Therefore, it is accurate to say that each asset changes its security state among the mitigated, vulnerable, and compromised states. If we can predict each asset's security state prior to its actual state, we would have a good risk indicator for the organization's mission-critical assets. In this paper, we explore possible security states from the insider's perspective, as there are more security incidents initiated from inside than outside an organization. However, we are in a continuous loop of mitigating dynamically changing assets caused by both internal and external threats.
Conference Paper
The NRTSAPD risk assessment methodology offers two key advantages over other risk assessments. The first is that it provides management with a simple, quick, and easy-to-use risk assessment methodology based on organizational mission-critical asset priority. The second is that it integrates several organizational databases, such as network helpdesk, asset management, Intrusion Detection System (IDS), Intrusion Prevention System (IPS), firewall, and incident response report databases, with management's decisions on mission-critical asset priorities. With the most current asset management data integrated with the security incident response databases, the management asset-priority-driven risk assessment can be answered in near real time, or as current as the asset management inventory, which can sometimes be scanned in real time. Consequently, it produces a realistic risk assessment report for the Information Systems (IS) production environment in near real time.
Article
This essay challenges core elements of enterprise risk management (ERM) and suggests that an impoverished conception of 'risk appetite' is part of the 'intellectual failure' at the heart of the financial crisis. Regulators, senior management and boards must understand risk appetite more as the consequence of a dynamic organizational process involving values as much as metrics. In addition, ERM has operated as a boundary-preserving model of risk management subject to the 'logic of the audit trail', rather than a boundary-challenging practice which confronts and addresses the complex realities of interconnectedness. The security provided by ERM is at best limited to certain states of the world and at worst illusory: the risk management of nothing. In contrast, business continuity management (BCM) may provide clues about how risk management might be reconstructed.
Article
Statistical models called hidden Markov models are a recurring theme in computational biology. What are hidden Markov models, and why are they so useful for so many different problems?