CCE Faculty Articles
Asset Priority Risk Assessment Using Hidden Markov Models
Event Date/Location
Fairfax, VA / 2009
Document Type
Article
Date
10-2009
Publication Title
Proceedings of the 10th ACM Conference on SIG-Information Technology Education
ISSN or ISBN
978-1-60558-765-3
First Page
65
Last Page
73
Description
Conducting risk assessment on organizational assets can be time consuming, burdensome, and misleading in many cases because of the dynamically changing security states of assets. Risk assessments may present inaccurate or false data if the organizational assets change in their security postures. Each asset can change its security status from secure, mitigated, vulnerable, or compromised states. The secure state is only temporary and imaginary; it may never exist. Therefore, it is accurate to say that each asset changes its security state within its mitigated, vulnerable, or compromised, state. If we can predict each asset’s security state prior to its actual state, we would have a good risk indicator for the organization’s mission-critical assets. In this paper, we explore possible security states from the insider’s perspective, as there are more security incidents initiated from inside than outside an organization. However, we are in a continuous loop of mitigating dynamically changing assets caused by both internal and external threats.
DOI
10.1145/1631728.1631750
NSUWorks Citation
Cannady, James D. Jr. and Pak, Charles, "Asset Priority Risk Assessment Using Hidden Markov Models" (2009). CCE Faculty Articles. 453.
https://nsuworks.nova.edu/gscis_facarticles/453