Asset Priority Risk Assessment Using Hidden Markov Models

Author(s)

James D. Cannady Jr., Nova Southeastern UniversityFollow
Charles Pak, Nova Southeastern UniversityFollow

Document Type

Article

Publication Title

Proceedings of the 10th ACM Conference on SIG-Information Technology Education

Event Date/Location

Fairfax, VA / 2009

ISSN

978-1-60558-765-3

Publication Date

10-2009

Abstract

Conducting risk assessment on organizational assets can be time consuming, burdensome, and misleading in many cases because of the dynamically changing security states of assets. Risk assessments may present inaccurate or false data if the organizational assets change in their security postures. Each asset can change its security status from secure, mitigated, vulnerable, or compromised states. The secure state is only temporary and imaginary; it may never exist. Therefore, it is accurate to say that each asset changes its security state within its mitigated, vulnerable, or compromised, state. If we can predict each asset’s security state prior to its actual state, we would have a good risk indicator for the organization’s mission-critical assets. In this paper, we explore possible security states from the insider’s perspective, as there are more security incidents initiated from inside than outside an organization. However, we are in a continuous loop of mitigating dynamically changing assets caused by both internal and external threats.

DOI

10.1145/1631728.1631750

First Page

65

Last Page

73

NSUWorks Citation

Cannady, James D. Jr. and Pak, Charles, "Asset Priority Risk Assessment Using Hidden Markov Models" (2009). CCE Faculty Articles. 453.
https://nsuworks.nova.edu/gscis_facarticles/453