Cyber-Risk Informatics - Engineering Evaluation With Data Science

Read more

This book provides a scientific modeling approach for conducting metrics-based quantitative risk assessments of cybersecurity vulnerabilities and threats.
 
This book provides a scientific modeling approach for conducting metrics-based quantitative risk assessments of cybersecurity threats. The author builds from a common understanding based on previous class-tested works to introduce the reader to the current and newly innovative approaches to address the maliciously-by-human-created (rather than by-chance-occurring) vulnerability and threat, and related cost-effective management to mitigate such risk. This book is purely statistical data-oriented (not deterministic) and employs computationally intensive techniques, such as Monte Carlo and Discrete Event Simulation. The enriched JAVA ready-to-go applications and solutions to exercises provided by the author at the book's specifically preserved website will enable readers to utilize the course related problems.
 
* Enables the reader to use the book's website's applications to implement and see results, and use them making 'budgetary' sense
 
* Utilizes a data analytical approach and provides clear entry points for readers of varying skill sets and backgrounds
 
* Developed out of necessity from real in-class experience while teaching advanced undergraduate and graduate courses by the author
 
Cyber-Risk Informatics is a resource for undergraduate students, graduate students, and practitioners in the field of Risk Assessment and Management regarding Security and Reliability Modeling.
 
Mehmet Sahinoglu, a Professor (1990) Emeritus (2000), is the founder of the Informatics Institute (2009) and its SACS-accredited (2010) and NSA-certified (2013) flagship Cybersystems and Information Security (CSIS) graduate program (the first such full degree in-class program in Southeastern USA) at AUM, Auburn University's metropolitan campus in Montgomery, Alabama. He is a fellow member of the SDPS Society, a senior member of the IEEE, and an elected member of ISI. Sahinoglu is the recipient of Microsoft's Trustworthy Computing Curriculum (TCC) award and the author of Trustworthy Computing (Wiley, 2007).

List of contents

Prologue xiv
 
Reviews xv
 
Preface xxi
 
Acknowledgments and Dedication xxix
 
About the Author xxxi
 
1 Metrics, Statistical Quality Control, and Basic Reliability in Cyber-Risk 1
 
1.1 Deterministic and Stochastic Cyber-Risk Metrics 1
 
1.2 Statistical Risk Analysis 2
 
1.2.1 Introduction to Statistical Hypotheses 2
 
1.2.2 Decision Rules 3
 
1.2.3 One-Tailed Tests 4
 
1.2.4 Two-Tailed Tests 4
 
1.2.5 Decision Errors 6
 
1.2.6 Applications to One-Tailed Tests Associated with Both Type I and Type II Errors 7
 
1.2.7 Applications to Two-Tailed Tests (Normal Distribution Assumption) 11
 
1.3 Acceptance Sampling in Quality Control 16
 
1.3.1 Introduction 16
 
1.3.2 Definition of an Acceptance Sampling Plan 16
 
1.3.3 The OC Curve 16
 
1.4 Poisson and Normal Approximation to Binomial in Quality Control 19
 
1.4.1 Approximations to Binomial Distribution 19
 
1.4.2 Approximation of Binomial to Poisson Distribution 19
 
1.4.3 Approximation to Normal Distribution 20
 
1.4.4 Comparisons of Normal and Poisson Approximations to the Binomial 21
 
1.5 Basic Statistical Reliability Concepts and Mc Simulators 21
 
1.5.1 Fundamental Equations for Reliability, Hazard, and Statistical Notions 23
 
1.5.2 Fundamentals for Reliability Block Diagramming and Redundancy 27
 
1.5.3 Solving Basic Reliability Questions by Using Student-Friendly Pedagogical Examples 30
 
1.5.4 MC Simulators for Commonly Used Distributions in Reliability 47
 
1.6 Discussions and Conclusion 52
 
1.7 Exercises 52
 
References 60
 
2 Complex Network Reliability Evaluation and Estimation in Cyber-Risk 61
 
2.1 Introduction 61
 
2.2 Overlap Technique to Calculate Complex Network Reliability 62
 
2.2.1 Network State Enumeration and Example 1 63
 
2.2.2 Generating Minimal Paths and Example 2 64
 
2.2.3 Overlap Method Algorithmic Rules and Example 3 68
 
2.3 The Overlap Method: Monte Carlo and Discrete Event Simulation 70
 
2.4 Multistate System Reliability Evaluation 71
 
2.4.1 Simple Series System with Single Derated States 73
 
2.4.2 Active Parallel System 73
 
2.4.3 Simple Series-Parallel System 74
 
2.4.4 A Simple Series-Parallel System with Multistate Components 75
 
2.4.5 A Combined System: Power Plant Example 76
 
2.4.6 Large Network Examples Using Multistate Overlap Technique 77
 
2.5 Weibull Time Distributed Reliability Evaluation 78
 
2.5.1 Motivation behind Weibull Probability Modeling 78
 
2.5.2 Weibull Parameter Estimation Methodology 79
 
2.5.3 Overlap Algorithm Applied to Weibull Distributed Components 80
 
2.5.4 Estimating Weibull Parameters 80
 
2.5.5 Fifty-Two-Node Weibull Example for Estimating Weibull Parameters 85
 
2.5.6 A Weibull Network Example from an Oil Rig System 90
 
2.6 Discussions and Conclusion 90
 
Appendix 2.A Overlap Algorithm and Example 93
 
2.A.1 Algorithm 93
 
2.A.2 Example 95
 
2.7 Exercises 101
 
References 103
 
3 Stopping Rules for Reliability and Security Tests in Cyber-Risk 105
 
3.1 Introduction 105
 
3.2 Methods 107
 
3.2.1 Lgm by Verhulst 108
 
3.2.2 Compound Poisson Model 110
 
3.3 Examples Merging Both Stopping Rules: Lgm and Cpm 114
 
3.3.1 The DR5 Data Set Example 114
 
3.3.2 The Dr4 Data Set Example 118
 
3.3.3 The Supercomputing Cloud Historical Failure Data--Case Study 119
 
3.3.4 Appendix

About the author

Mehmet Sahinoglu, a Professor (1990) Emeritus (2000), is the founder of the Informatics Institute (2009) and its SACS-accredited (2010) and NSA-certified (2013) flagship Cybersystems and Information Security (CSIS) graduate program (the first such full degree in-class program in Southeastern USA) at AUM, Auburn University's metropolitan campus in Montgomery, Alabama. He is a fellow member of the SDPS Society, a senior member of the IEEE, and an elected member of ISI. Sahinoglu is the recipient of Microsoft's Trustworthy Computing Curriculum (TCC) award and the author of Trustworthy Computing (Wiley, 2007).

Summary

This book provides a scientific modeling approach for conducting metrics-based quantitative risk assessments of cybersecurity vulnerabilities and threats. This book provides a scientific modeling approach for conducting metrics-based quantitative risk assessments of cybersecurity threats.