Proactive risk assessment based on attack graphs: An element of the risk management process on system, enterprise and national level
[Paper presented at: IEEE International Conference on Data Science and Systems DSS-2018, Exeter, United Kingdom, 27.06-01.07.2018]
Published in: 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS)
Abstract: The paper discusses a graph-based risk assessment approach to the evaluation of computer systems' security. The method is based on the MulVAL attack graph generation tool, adapted for risk calculation, generating possible attack paths leading to crucial assets of the audited IT system. It uses information from the security audits (host vulnerabilities) and detailed topology information. The authors present the approach to standard IT system security evaluation and risk assessment as well as the advantages of the graph-based method. As a follow-up, a high-level risk assessment of a broader, multi-domain national-level environment is proposed.