Projekte pro Jahr
Abstract
In this paper, we show a use-case of structured expert judgment to assess the risk of a cyber-security attack. We showcase the process of elicitating unknown and uncertain values using multiple experts and combining these judgments by weighing the experts based on their performance. The performance of an expert is assessed using the information and calibration score calculated from the judgments of calibration questions. The judgments are stated with three-points estimates of minimum, most likely, and maximum value, which serve as input for the PERT probability distribution. For the use-case, the input values frequency, vulnerability, and impact were asked. The combined results are propagated along an attack path to calculate the risk of a cyber-security attack. This was done using RISKEE, a tool for assessing risk in cyber-security and implementing the combination of expert judgments and propagation of the values in an attack-tree. It uses an attack graph to model the attack paths and applies probability distributions for the input values to consider the uncertainty of predictions and expert judgments. We also describe experiences and lessons-learned for conducting an expert elicitation to acquire input values for estimating risks in cyber-security.
| Originalsprache | englisch |
|---|---|
| Titel | Systems, Software and Services Process Improvement - 27th European Conference, EuroSPI 2020, Proceedings |
| Redakteure/-innen | Murat Yilmaz, Paul Clarke, Jörg Niemann, Richard Messnarz |
| Herausgeber (Verlag) | Springer |
| Seiten | 120-134 |
| Seitenumfang | 15 |
| ISBN (Print) | 9783030564407 |
| DOIs | |
| Publikationsstatus | Veröffentlicht - 9 Aug. 2020 |
| Veranstaltung | 27th European Conference on Systems, Software and Services Process Improvement: EuroSPI 2020 - Düsseldorf, Hybrider Event, Düsseldorf, Deutschland Dauer: 9 Sept. 2020 → 11 Sept. 2020 https://2020.eurospi.net/ |
Publikationsreihe
| Name | Communications in Computer and Information Science |
|---|---|
| Band | 1251 CCIS |
| ISSN (Print) | 1865-0929 |
| ISSN (elektronisch) | 1865-0937 |
Konferenz
| Konferenz | 27th European Conference on Systems, Software and Services Process Improvement |
|---|---|
| Kurztitel | EuroSPI 2020 |
| Land/Gebiet | Deutschland |
| Ort | Hybrider Event, Düsseldorf |
| Zeitraum | 9/09/20 → 11/09/20 |
| Internetadresse |
ASJC Scopus subject areas
- Informatik (insg.)
- Mathematik (insg.)
- Sicherheit, Risiko, Zuverlässigkeit und Qualität
Fields of Expertise
- Information, Communication & Computing
Treatment code (Nähere Zuordnung)
- Application
Fingerprint
Untersuchen Sie die Forschungsthemen von „Assessing Risk Estimations for Cyber-Security Using Expert Judgment“. Zusammen bilden sie einen einzigartigen Fingerprint.-
Industrial Informatics
Macher, G., Dobaj, J., Krug, T., Blažević, R. & Veledar, O.
1/09/12 → …
Projekt: Arbeitsgebiet
-
AH-DHYAMONT - Steuerungsplattform für Stromerzeugung aus Wasserkraft
Macher, G., Krisper, M., Dobaj, J. & Krug, T.
1/01/19 → 1/02/21
Projekt: Forschungsprojekt
Aktivitäten
-
Assessing Risk Estimations for Cyber-Security Using Expert Judgment
Michael Krisper (Redner/in)
9 Sept. 2020Aktivität: Vortrag oder Präsentation › Vortrag bei Konferenz oder Fachtagung › Science to science
-
27th European Conference on System, Software, and Service Process Improvements and Innovations
Michael Krisper (Teilnehmer/-in)
9 Sept. 2020 → 11 Sept. 2020Aktivität: Teilnahme an / Organisation von › Konferenz oder Fachtagung (Teilnahme an/Organisation von)