Risk analysis has recently emerged as a structured and precise methodology to help modern companies understand their risks and plan the relative countermeasures well in advance. It is based on a number of indicators: parameters that quantify the key concepts on which an enterprise designs its security and safety investments. A modificator is a function that further modifies an existing indicator, and is itself an indicator. It is argued here that Risk Analysis can dramatically benefit from three novel modificators. One, the Exposure Factor during Critical Time (EFCT), expresses the percentage of loss or damage that an attack can infer to a time-critical asset. Another one, the Exposure Factor under Retaliation (EFR), formalises the mitigation to the loss or damage that an attack can infer to an asset when that loss or damage can be retaliated back onto the attacker. The third one, the Mitigated Risk against Collusion (MRC), formalises how a security measure can be effective against a single attacker but not necessarily against a large team of attackers working collaboratively for the same target. Our simulated results firmly support the benefits of such augmented Risk Analysis confirming the novel insights it can provide.

Augmented Risk Analysis

BISTARELLI, Stefano;
2007

Abstract

Risk analysis has recently emerged as a structured and precise methodology to help modern companies understand their risks and plan the relative countermeasures well in advance. It is based on a number of indicators: parameters that quantify the key concepts on which an enterprise designs its security and safety investments. A modificator is a function that further modifies an existing indicator, and is itself an indicator. It is argued here that Risk Analysis can dramatically benefit from three novel modificators. One, the Exposure Factor during Critical Time (EFCT), expresses the percentage of loss or damage that an attack can infer to a time-critical asset. Another one, the Exposure Factor under Retaliation (EFR), formalises the mitigation to the loss or damage that an attack can infer to an asset when that loss or damage can be retaliated back onto the attacker. The third one, the Mitigated Risk against Collusion (MRC), formalises how a security measure can be effective against a single attacker but not necessarily against a large team of attackers working collaboratively for the same target. Our simulated results firmly support the benefits of such augmented Risk Analysis confirming the novel insights it can provide.
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11391/121115
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 2
  • ???jsp.display-item.citation.isi??? ND
social impact