Development of an Improved risk Assesment Model in Cyberspace Security Management
Loading...
Date
2016
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
This research formulated and simulated a risk assessment model for cyberspace network security risks. This was with a view to determine the security state of the selected cyberspace network by considering the cyberspace risk concerns such as threats, attacks and vulnerabilities.
A cyberspace network was selected i.e OAUNET. The vulnerability and attack was analyzed based on the National Vulnerability Database (NVD). The ease of exploitability of the risk was determined using the Common Vulnerability Scoring System (CVSS) model. The risk assessment model was formulated using the synergy of Absorbing Markov Chain and Markov Reward Model. The graphical representation of attackers behavior was modeled using Attack Tree based on the inter-relationships between the vulnerabilities. R-Statistics Package was used to simulate the model formulated. The simulation output of the risk was presented in tables and graph.
The performance of the developed risk model was evaluated using Reliability and Availability as the evaluation measures of the model.
The simulation result shows that the expected path length of an attacker reduces as the days increases because as soon as a vulnerability is out with the exploit code it becomes easier for attackers to leverage on the exploit code to infiltrate a network. The performance of the developed model was carried out by benchmarking with an existing model. The evaluation results proved that the risk assessment of the developed model is higher in performance of reliability and the availability. The developed model was able to assess security risks of a selected cyberspace network with 86.7% reliability and 93% availability rate, which implies, increase of 28.9% of reliability and 12% of availability respectively over the existing model. The results showed that the developed model is able to obtain a better effectiveness in optimizing the network performances by providing information about the inherent cyberspace network risks to deliver the higher reliability and a higher availability; also, has the capability of performing long time prediction and mitigating risk occurrences.
It was concluded that the proposed assessment model measures the security risk quantitatively and predicts performances using objectives metrics and eventually improves the overall network performance efficiencies by reducing the impact or consequences of risk and being able to perform long term prediction. Thus, can be adapted for risk assessment in a network by the network administrators for more effective network management in a minimum time and at a minimum expense. This research will provide security practitioners a better understanding of the relationship between vulnerabilities and their lifecycle events and will provide information about the state of security and also remediation actions.
Description
xv,119 Pages
Keywords
Risk Assessment, Cyberspace, Security Management, OAUNET, National Vulnerability Database, Vulnerability Scoring System
Citation
Akinsiku,O.A.(2016).Development of an improved risk assessment model in cyberspace Security Management