Do you want to publish a course? Click here

Why 2 times 2 aint necessarily 4 - at least not in IT security risk assessment

79   0   0.0 ( 0 )
 Added by Jens Braband
 Publication date 2016
and research's language is English
 Authors Jens Braband




Ask ChatGPT about the research

Recently, a novel approach towards semi-quantitative IT security risk assessment has been proposed in the draft IEC 62443-3-2. This approach is analyzed from several different angles, e.g. embedding into the overall standard series, semantic and methodological aspects. As a result, several systematic flaws in the approach are exposed. As a way forward, an alternative approach is proposed which blends together semi-quantitative risk assessment as well as threat and risk analysis.



rate research

Read More

87 - Jens Braband 2017
Some recent incidents have shown that possibly the vulnerability of IT systems in railway automation has been underestimated. Fortunately, so far, almost only denial-of-service attacks were successful, but due to several trends, such as the use of commercial IT and communication systems or privatization, the threat potential could increase in the near future. However, up to now, no harmonized IT security risk assessment framework for railway automation exists. This paper defines an IT security risk assessment framework which aims to separate IT security and safety requirements as well as certification processes as far as possible. It builds on the well-known safety and approval processes from IEC 62425 and integrates IT security requirements based on the ISA99/IEC62443 standard series. While the detailed results are related to railway automation the general concepts are also applicable to other safety-critical application areas.
Cyber-physical systems (CPS) are interconnected architectures that employ analog, digital, and communication resources for their interaction with the physical environment. CPS are the backbone of enterprise, industrial, and critical infrastructure. Thus, their vital importance makes them prominent targets for malicious attacks aiming to disrupt their operations. Attacks targeting cyber-physical energy systems (CPES), given their mission-critical nature, can have disastrous consequences. The security of CPES can be enhanced leveraging testbed capabilities to replicate power system operations, discover vulnerabilities, develop security countermeasures, and evaluate grid operation under fault-induced or maliciously constructed scenarios. In this paper, we provide a comprehensive overview of the CPS security landscape with emphasis on CPES. Specifically, we demonstrate a threat modeling methodology to accurately represent the CPS elements, their interdependencies, as well as the possible attack entry points and system vulnerabilities. Leveraging the threat model formulation, we present a CPS framework designed to delineate the hardware, software, and modeling resources required to simulate the CPS and construct high-fidelity models which can be used to evaluate the systems performance under adverse scenarios. The system performance is assessed using scenario-specific metrics, while risk assessment enables system vulnerability prioritization factoring the impact on the system operation. The overarching framework for modeling, simulating, assessing, and mitigating attacks in a CPS is illustrated using four representative attack scenarios targeting CPES. The key objective of this paper is to demonstrate a step-by-step process that can be used to enact in-depth cybersecurity analyses, thus leading to more resilient and secure CPS.
We discuss proton decay in a recently proposed model of supersymmetric hybrid inflation based on the gauge symmetry $SU(4)_c times SU(2)_L times SU(2)_R$. A $U(1), R$ symmetry plays an essential role in realizing inflation as well as in eliminating some undesirable baryon number violating operators. Proton decay is primarily mediated by a variety of color triplets from chiral superfields, and it lies in the observable range for a range of intermediate scale masses for the triplets. The decay modes include $p rightarrow e^{+}(mu^+) + pi^0$, $p rightarrow bar{ u} + pi^{+}$, $p rightarrow K^0 + e^+(mu^{+})$, and $p rightarrow K^+ + bar{ u}$, with a lifetime estimate of order $10^{34}-10^{36}$ yrs and accessible at Hyper-Kamiokande and future upgrades. The unification at the Grand Unified Theory (GUT) scale $M_{rm GUT}$ ($sim 10^{16}$ GeV) of the Minimal Supersymmetric Standard Model (MSSM) gauge couplings is briefly discussed.
We explore the sparticle mass spectra including LSP dark matter within the framework of supersymmetric $SU(4)_c times SU(2)_L times SU(2)_R$ (422) models, taking into account the constraints from extensive LHC and cold dark matter searches. The soft supersymmetry-breaking parameters at $M_{GUT}$ can be non-universal, but consistent with the 422 symmetry. We identify a variety of coannihilation scenarios compatible with LSP dark matter, and study the implications for future supersymmetry searches and the ongoing muon g-2 experiment.
Adversarial attacks for machine learning models have become a highly studied topic both in academia and industry. These attacks, along with traditional security threats, can compromise confidentiality, integrity, and availability of organizations assets that are dependent on the usage of machine learning models. While it is not easy to predict the types of new attacks that might be developed over time, it is possible to evaluate the risks connected to using machine learning models and design measures that help in minimizing these risks. In this paper, we outline a novel framework to guide the risk management process for organizations reliant on machine learning models. First, we define sets of evaluation factors (EFs) in the data domain, model domain, and security controls domain. We develop a method that takes the asset and task importance, sets the weights of EFs contribution to confidentiality, integrity, and availability, and based on implementation scores of EFs, it determines the overall security state in the organization. Based on this information, it is possible to identify weak links in the implemented security measures and find out which measures might be missing completely. We believe our framework can help in addressing the security issues related to usage of machine learning models in organizations and guide them in focusing on the adequate security measures to protect their assets.
comments
Fetching comments Fetching comments
Sign in to be able to follow your search criteria
mircosoft-partner

هل ترغب بارسال اشعارات عن اخر التحديثات في شمرا-اكاديميا