Publication


Featured research published by Mathias Ekstedt.


Computers & Security | 2010

A probabilistic relational model for security risk analysis

Teodor Sommestad; Mathias Ekstedt; Pontus Johnson

Information system security risk, defined as the product of the monetary losses associated with security incidents and the probability that they occur, is a suitable decision criterion when considering different information system architectures. This paper describes how probabilistic relational models can be used to specify architecture metamodels so that security risk can be inferred from metamodel instantiations. A probabilistic relational model contains classes, attributes, and class-relationships. It can be used to specify architectural metamodels similar to class diagrams in the Unified Modeling Language. In addition, a probabilistic relational model makes it possible to associate a probabilistic dependency model to the attributes of classes in the architectural metamodel. This paper proposes a set of abstract classes that can be used to create probabilistic relational models so that they enable inference of security risk from instantiated architecture models. If an architecture metamodel is created by specializing the abstract classes proposed in this paper, the instantiations of the metamodel will generate a probabilistic dependency model that can be used to calculate the security risk associated with these instantiations. The abstract classes make it possible to derive the dependency model and calculate security risk from an instance model that only specifies assets and their relationships to each other. Hence, the person instantiating the architecture metamodel is not required to assess complex security attributes to quantify security risk using the instance model.


IEEE Systems Journal | 2013

The Cyber Security Modeling Language: A Tool for Assessing the Vulnerability of Enterprise System Architectures

Teodor Sommestad; Mathias Ekstedt; Hannes Holm

The cyber security modeling language (CySeMoL) is a modeling language for enterprise-level system architectures coupled to a probabilistic inference engine. If the computer systems of an enterprise are modeled with CySeMoL, this inference engine can assess the probability that attacks on the systems will succeed. The theory used for the attack-probability calculations in CySeMoL is a compilation of research results on a number of security domains and covers a range of attacks and countermeasures. The theory has previously been validated on a component level. In this paper, the theory is also validated on a system level. A test indicates that the reasonableness and correctness of CySeMoL assessments compare with the reasonableness and correctness of the assessments of a security professional. CySeMoL's utility has been tested in case studies.


IEEE Software | 2012

Where's the Theory for Software Engineering?

Pontus Johnson; Mathias Ekstedt; Ivar Jacobson

Darwin's theory of natural selection, Maxwell's equations, the theory of demand and supply: almost all established academic disciplines place great emphasis on what their core theory is. This is not, however, the case in software engineering. What is the reason behind the software engineering community's apparent indifference to a concept that is so important to so many others?


Information Systems Management | 2010

The Effect of IT Governance Maturity on IT Governance Performance

Mårten Simonsson; Pontus Johnson; Mathias Ekstedt

There are several best practice based frameworks that detail effective arrangements for the internal structure of an IT organization. Although it is reasonable that there is a correlation between the quality of the internal structure of an IT organization – labeled IT governance maturity, and the external impact of the same IT organization on the business – labeled IT governance performance, this has not been validated. The results, based on 35 case studies, confirm the hypotheses of a positive correlation between IT governance maturity and IT governance performance. Among IT processes described in 34 references, the internal structure of the IT organization, clearly defined organizational structures and relationships, mature quality management, and cost allocation show the strongest positive correlation to IT governance performance. The maturity of project management and service level management, as well as performance and capacity management, show almost no correlation to IT governance performance. The findings can be used to improve current frameworks for IT governance.


IEEE Transactions on Dependable and Secure Computing | 2012

Empirical Analysis of System-Level Vulnerability Metrics through Actual Attacks

Hannes Holm; Mathias Ekstedt; Dennis Andersson

The Common Vulnerability Scoring System (CVSS) is a widely used and well-established standard for classifying the severity of security vulnerabilities. For instance, all vulnerabilities in the US National Vulnerability Database (NVD) are scored according to this method. As computer systems typically have multiple vulnerabilities, it is often desirable to aggregate the scores of individual vulnerabilities to a system level. Several such metrics have been proposed, but their quality has not been studied. This paper presents a statistical analysis of how 18 security estimation metrics based on CVSS data correlate with the time-to-compromise of 34 successful attacks. The empirical data originate from an international cyber defense exercise involving over 100 participants and were collected by studying network traffic logs, attacker logs, observer logs, and network vulnerabilities. The results suggest that security modeling with CVSS data alone does not accurately portray the time-to-compromise of a system. However, results also show that metrics employing more CVSS data are more correlated with time-to-compromise. As a consequence, models that only use the weakest link (most severe vulnerability) to compose a metric are less promising than those that consider all vulnerabilities.
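The contrast between a weakest-link metric and metrics that use every score is easy to see on two small systems. The following is an added example written for this page; it does not reproduce the 18 metrics studied in the paper, and the host names and CVSS base scores are constructed (they refer to no real CVE). The noisy-OR metric reads score/10 as a per-vulnerability exploitation probability, which is an assumption of the example, not CVSS semantics.

```python
"""Added example: aggregating per-vulnerability CVSS base scores into
system-level metrics. Hosts and scores are constructed; no real CVEs."""
from math import prod
from statistics import mean
from typing import Dict, List

# host -> CVSS base scores (0.0-10.0) of the vulnerabilities found on it.
# Both systems share the same most severe vulnerability (9.3).
SYSTEM_A: Dict[str, List[float]] = {"web01": [9.3, 4.3], "db01": [5.0]}
SYSTEM_B: Dict[str, List[float]] = {
    "web01": [9.3, 7.5, 7.2, 6.8],
    "db01": [7.5, 5.0],
    "fs01": [6.5],
}


def all_scores(system: Dict[str, List[float]]) -> List[float]:
    return [s for scores in system.values() for s in scores]


def weakest_link(system: Dict[str, List[float]]) -> float:
    """'Most severe vulnerability' metric: uses a single data point."""
    return max(all_scores(system))


def mean_score(system: Dict[str, List[float]]) -> float:
    return mean(all_scores(system))


def total_score(system: Dict[str, List[float]]) -> float:
    return sum(all_scores(system))


def high_count(system: Dict[str, List[float]], threshold: float = 7.0) -> int:
    """Number of vulnerabilities at or above a severity threshold."""
    return sum(1 for s in all_scores(system) if s >= threshold)


def any_exploit_prob(system: Dict[str, List[float]]) -> float:
    """Noisy-OR over all vulnerabilities, treating score/10 as the probability
    that a given vulnerability is exploited (assumption made for this example)."""
    return 1.0 - prod(1.0 - s / 10.0 for s in all_scores(system))


def worst_host_mean(system: Dict[str, List[float]]) -> float:
    """Mean over hosts of each host's own weakest link."""
    return mean(max(scores) for scores in system.values())


def metrics(system: Dict[str, List[float]]) -> Dict[str, float]:
    return {
        "weakest_link": weakest_link(system),
        "mean": mean_score(system),
        "total": total_score(system),
        "high_count": high_count(system),
        "any_exploit_prob": any_exploit_prob(system),
        "worst_host_mean": worst_host_mean(system),
    }


if __name__ == "__main__":
    for name, system in (("A", SYSTEM_A), ("B", SYSTEM_B)):
        print(name, {k: round(v, 4) for k, v in metrics(system).items()})
```

Running it shows why the weakest-link metric is a poor system-level predictor: systems A and B are indistinguishable by it (both 9.3), while every metric that consumes all scores separates the two.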


Hawaii International Conference on System Sciences | 2009

Cyber Security Risks Assessment with Bayesian Defense Graphs and Architectural Models

Teodor Sommestad; Mathias Ekstedt; Pontus Johnson

To facilitate rational decision making regarding cyber security investments, decision makers need to be able to assess expected losses before and after potential investments. This paper presents a model-based assessment framework for analyzing the cyber security provided by different architectural scenarios. The framework uses the Bayesian-statistics-based Extended Influence Diagrams to express attack graphs and related countermeasures. In this paper it is demonstrated how this structure can be captured in an
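The probabilistic relational model paper, the CySeMoL paper and this one all rest on the same computation: given an architecture model, infer the probability that an attack reaches its goal, then weigh it against the loss to compare scenarios. The code below is an added example written for this page; it is not the PRM, CySeMoL or Extended Influence Diagram implementation from any of the papers. The attack steps, success probabilities, countermeasures and loss figure are constructed assumptions, and the inference is a plain exhaustive enumeration rather than the papers' Bayesian machinery.

```python
"""Added example: P(goal reached) and risk = loss x probability for a small
attack/defense graph. All steps, probabilities and losses are constructed."""
from dataclasses import dataclass, field
from itertools import product
from typing import Dict, List


@dataclass
class Step:
    """One attack step; p_success is P(step succeeds | prerequisites hold)."""
    name: str
    p_success: float
    prereqs: List[str] = field(default_factory=list)
    gate: str = "OR"  # "OR": any prerequisite suffices; "AND": all are needed


@dataclass
class Countermeasure:
    """A control that stops a fraction `effectiveness` of attempts at `protects`."""
    name: str
    protects: str
    effectiveness: float


def effective_probs(steps: List[Step], controls: List[Countermeasure]) -> Dict[str, float]:
    """Per-step success probability after applying countermeasures."""
    p = {s.name: s.p_success for s in steps}
    for c in controls:
        p[c.protects] *= 1.0 - c.effectiveness
    return p


def prob_goal(steps: List[Step], controls: List[Countermeasure], goal: str) -> float:
    """Exact P(goal reached).

    Each step has an independent 'local success' coin with the probability from
    effective_probs(); a step is reached when its gate over prerequisite steps
    holds and its coin comes up heads. Enumerating all 2^n coin outcomes is
    exact and handles shared prerequisites correctly (fine for small graphs;
    `steps` must be listed in topological order, prerequisites first).
    """
    p = effective_probs(steps, controls)
    names = [s.name for s in steps]
    total = 0.0
    for coins in product((False, True), repeat=len(names)):
        local = dict(zip(names, coins))
        weight = 1.0
        for n in names:
            weight *= p[n] if local[n] else 1.0 - p[n]
        reached: Dict[str, bool] = {}
        for s in steps:
            if not s.prereqs:
                ok = True
            elif s.gate == "AND":
                ok = all(reached[q] for q in s.prereqs)
            else:
                ok = any(reached[q] for q in s.prereqs)
            reached[s.name] = ok and local[s.name]
        if reached[goal]:
            total += weight
    return total


def risk(steps: List[Step], controls: List[Countermeasure], goal: str, loss: float) -> float:
    """Risk as defined above: monetary loss times probability of the incident."""
    return prob_goal(steps, controls, goal) * loss


# Constructed architecture: two entry points, a workstation foothold, credential
# theft, and a database compromise that needs both the foothold and credentials.
STEPS = [
    Step("phish_user", 0.5),
    Step("exploit_vpn", 0.3),
    Step("workstation_foothold", 0.9, ["phish_user", "exploit_vpn"], "OR"),
    Step("steal_db_credentials", 0.6, ["workstation_foothold"]),
    Step("compromise_db", 0.7, ["workstation_foothold", "steal_db_credentials"], "AND"),
]
MFA_ON_VPN = Countermeasure("mfa_on_vpn", "exploit_vpn", 0.9)
AWARENESS = Countermeasure("awareness_training", "phish_user", 0.4)
LOSS_DB = 1_000_000.0  # constructed monetary loss if the database is compromised


def compare_scenarios() -> Dict[str, float]:
    """Expected loss per architectural scenario, the decision criterion above."""
    return {
        "baseline": risk(STEPS, [], "compromise_db", LOSS_DB),
        "mfa_on_vpn": risk(STEPS, [MFA_ON_VPN], "compromise_db", LOSS_DB),
        "awareness_training": risk(STEPS, [AWARENESS], "compromise_db", LOSS_DB),
        "both": risk(STEPS, [MFA_ON_VPN, AWARENESS], "compromise_db", LOSS_DB),
    }


if __name__ == "__main__":
    for name, value in compare_scenarios().items():
        print(f"{name:20s} expected loss = {value:12,.0f}")
```

The exhaustive enumeration is what makes the numbers trustworthy on a graph with shared prerequisites (here `compromise_db` depends on `workstation_foothold` both directly and through `steal_db_credentials`); multiplying along paths as if they were independent would over-count. The enumeration cost is 2^n, so for enterprise-scale models one needs the factored inference the papers describe rather than this brute force.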


Enterprise Distributed Object Computing | 2010

Enterprise Architecture Meta Models for IT/Business Alignment Situations

Jan Saat; Ulrik Franke; Robert Lagerström; Mathias Ekstedt

Enterprise Architecture models can be used to support IT/business alignment. However, existing approaches do not distinguish between different IT/business alignment situations. Since companies face diverse challenges in achieving a high degree of IT/business alignment, a universal ‘one size fits all’ approach does not seem appropriate. This paper proposes to decompose the IT/business alignment problem into tangible qualities for business, IT systems, and IT governance. An explorative study among 162 professionals is used to distinguish four IT/business alignment situations, i.e. four clusters of IT/business alignment problems. These situations each represent the current state according to certain qualities and also the priorities for future development. In order to increase IT/business alignment, enterprise architecture meta models are proposed for each identified situation. One core meta model (to reflect common priorities) as well as situation specific extensions are presented.


Computers & Security | 2014

Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture

Waldo Rocha Flores; Egil Antonsen; Mathias Ekstedt

This paper presents an empirical investigation on what behavioral information security governance factors drives the establishment of information security knowledge sharing in organizations. Data w ...


International Conference on Software Engineering | 2009

EAF2- A Framework for Categorizing Enterprise Architecture Frameworks

Ulrik Franke; David Höök; Johan König; Robert Lagerström; Per Närman; Johan Ullberg; Pia Gustafsson; Mathias Ekstedt

What constitutes an enterprise architecture framework is a contested subject. The contents of present enterprise architecture frameworks thus differ substantially. This paper aims to alleviate the confusion regarding which framework contains what by proposing a meta framework for enterprise architecture frameworks. By using this meta framework, decision makers are able to express their requirements on what their enterprise architecture framework must contain and also to evaluate whether the existing frameworks meet these requirements. An example classification of common EA frameworks illustrates the approach.


Enterprise Information Systems | 2014

Enterprise architecture availability analysis using fault trees and stakeholder interviews

Per Närman; Ulrik Franke; Johan König; Markus Buschle; Mathias Ekstedt

The availability of enterprise information systems is a key concern for many organisations. This article describes a method for availability analysis based on Fault Tree Analysis and constructs from the ArchiMate enterprise architecture (EA) language. To test the quality of the method, several case studies within the banking and electrical utility industries were performed. Input data were collected through stakeholder interviews. The results from the case studies were compared with availability log data to determine the accuracy of the method's predictions. In the five cases where accurate log data were available, the yearly downtime estimates were within eight hours of the actual downtimes. The cost of performing the analysis was low; no case study required more than 20 man-hours of work, making the method ideal for practitioners with an interest in obtaining rapid availability estimates of their enterprise information systems.
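The arithmetic behind a fault-tree availability estimate is short enough to show in full. What follows is an added example written for this page, not the paper's ArchiMate-based method or any of its case-study data; the service, its components, their availability figures and the interview inputs are constructed. An OR gate in a fault tree means the subtree fails if any child fails (components in series), and an AND gate means it fails only if every child fails (redundancy); independence of failures is assumed throughout.

```python
"""Added example: yearly downtime estimate from a fault tree.
The tree, component figures and interview inputs are constructed."""
from dataclasses import dataclass
from typing import List, Union

HOURS_PER_YEAR = 8760.0


@dataclass
class Component:
    name: str
    availability: float  # steady-state availability in [0, 1]


@dataclass
class Gate:
    """Fault-tree gate; the gate's event is *failure* of the subtree."""
    name: str
    kind: str  # "OR": fails if any child fails; "AND": fails only if all fail
    children: List["Node"]


Node = Union[Component, Gate]


def availability_from_interview(mtbf_hours: float, mttr_hours: float) -> float:
    """Stakeholders tend to quote 'how often it breaks' and 'how long it takes
    to fix' rather than a percentage; convert MTBF and MTTR to availability."""
    return mtbf_hours / (mtbf_hours + mttr_hours)


def availability(node: Node) -> float:
    """Availability of a subtree, assuming independent failures."""
    if isinstance(node, Component):
        return node.availability
    child_av = [availability(c) for c in node.children]
    if node.kind == "OR":  # series: every child must be up
        a = 1.0
        for x in child_av:
            a *= x
        return a
    if node.kind == "AND":  # redundancy: down only if every child is down
        u = 1.0
        for x in child_av:
            u *= 1.0 - x
        return 1.0 - u
    raise ValueError(f"unknown gate kind {node.kind!r}")


def yearly_downtime_hours(node: Node) -> float:
    return (1.0 - availability(node)) * HOURS_PER_YEAR


# Constructed online-banking service: two redundant application servers,
# one database and one network path. App-server figures come from a
# (constructed) interview answer of "fails about every 990 h, back in 10 h".
APP_SERVER_AV = availability_from_interview(mtbf_hours=990.0, mttr_hours=10.0)  # 0.99
REDUNDANT = Gate("service_down", "OR", [
    Gate("all_app_servers_down", "AND", [
        Component("app01", APP_SERVER_AV),
        Component("app02", APP_SERVER_AV),
    ]),
    Component("db01", 0.999),
    Component("core_network", 0.9995),
])
SINGLE = Gate("service_down", "OR", [
    Component("app01", APP_SERVER_AV),
    Component("db01", 0.999),
    Component("core_network", 0.9995),
])

if __name__ == "__main__":
    for label, tree in (("redundant", REDUNDANT), ("single app server", SINGLE)):
        print(f"{label:18s} availability={availability(tree):.6f} "
              f"downtime={yearly_downtime_hours(tree):.1f} h/year")
```

With these inputs the redundant design comes out at roughly 14 hours of downtime per year and the single-server design at roughly 100 hours, which is the kind of architectural comparison the method is meant to support. The independence assumption is the main caveat: components that share a failure cause (same rack, same power feed, same change window) make the AND gate optimistic.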

Collaboration

Top co-authors of Mathias Ekstedt (all at the Royal Institute of Technology):

Pontus Johnson
Robert Lagerström
Teodor Sommestad
Hannes Holm
Per Närman
Ulrik Franke
Matus Korman
Waldo Rocha Flores
Lars Nordström
Mårten Simonsson