Risk analysis has recently emerged as a structured and precise methodology to help modern companies understand their risks and plan the relative countermeasures well in advance. It is based on a number of indicators: parameters that quantify the key concepts on which an enterprise designs its security and safety investments. A modificator is a function that further modifies an existing indicator, and is itself an indicator. It is argued here that Risk Analysis can dramatically benefit from three novel modificators. One, the Exposure Factor during Critical Time (EFCT), expresses the percentage of loss or damage that an attack can infer to a time-critical asset. Another one, the Exposure Factor under Retaliation (EFR), formalises the mitigation to the loss or damage that an attack can infer to an asset when that loss or damage can be retaliated back onto the attacker. The third one, the Mitigated Risk against Collusion (MRC), formalises how a security measure can be effective against a single attacker but not necessarily against a large team of attackers working collaboratively for the same target. Our simulated results firmly support the benefits of such augmented Risk Analysis confirming the novel insights it can provide.
Augmented Risk Analysis
BISTARELLI, Stefano;
2007
Abstract
Risk analysis has recently emerged as a structured and precise methodology to help modern companies understand their risks and plan the relative countermeasures well in advance. It is based on a number of indicators: parameters that quantify the key concepts on which an enterprise designs its security and safety investments. A modificator is a function that further modifies an existing indicator, and is itself an indicator. It is argued here that Risk Analysis can dramatically benefit from three novel modificators. One, the Exposure Factor during Critical Time (EFCT), expresses the percentage of loss or damage that an attack can infer to a time-critical asset. Another one, the Exposure Factor under Retaliation (EFR), formalises the mitigation to the loss or damage that an attack can infer to an asset when that loss or damage can be retaliated back onto the attacker. The third one, the Mitigated Risk against Collusion (MRC), formalises how a security measure can be effective against a single attacker but not necessarily against a large team of attackers working collaboratively for the same target. Our simulated results firmly support the benefits of such augmented Risk Analysis confirming the novel insights it can provide.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.