CCE Faculty Articles
Asset Priority Risk Assessment Using Hidden Markov Models
Document Type
Article
Publication Title
Proceedings of the 10th ACM Conference on SIG-Information Technology Education
Event Date/Location
Fairfax, VA / 2009
ISSN
978-1-60558-765-3
Publication Date
10-2009
Abstract
Conducting risk assessment on organizational assets can be time consuming, burdensome, and misleading in many cases because of the dynamically changing security states of assets. Risk assessments may present inaccurate or false data if the organizational assets change in their security postures. Each asset can change its security status from secure, mitigated, vulnerable, or compromised states. The secure state is only temporary and imaginary; it may never exist. Therefore, it is accurate to say that each asset changes its security state within its mitigated, vulnerable, or compromised, state. If we can predict each asset’s security state prior to its actual state, we would have a good risk indicator for the organization’s mission-critical assets. In this paper, we explore possible security states from the insider’s perspective, as there are more security incidents initiated from inside than outside an organization. However, we are in a continuous loop of mitigating dynamically changing assets caused by both internal and external threats.
DOI
10.1145/1631728.1631750
First Page
65
Last Page
73
NSUWorks Citation
Cannady, James D. Jr. and Pak, Charles, "Asset Priority Risk Assessment Using Hidden Markov Models" (2009). CCE Faculty Articles. 453.
https://nsuworks.nova.edu/gscis_facarticles/453