Mehmet Sahinoglu - Auburn University at Montgomery, AL
Quantitative Risk Assessment of Software Security and Privacy, and Risk Management with Game Theory
Feb 11, 2009
Abstract
The need for information security is undeniable and self-evident. The pervasiveness of this critical topic requires primarily risk assessment and management through quantitative means. To conduct an assessment, repeated security probes, surveys, and input data measurements must be taken and verified toward the goal of risk mitigation with minimal cost. One can evaluate risk using a probabilistically accurate statistical estimation scheme in a quantitative security meter (SM) model that mimics the events of the breach of security. An empirical study using Java code is presented and its accuracy is verified by discrete-event or Monte Carlo simulations. The design improves as more data are collected and updated. Practical aspects of the SM are presented with a real-world example as related to a PC user and a risk-management scenario using the Game Theory approach for optimal cost mitigation results.

Index Terms (10): Quantitative Risk Assessment, Cost Mitigation, Countermeasure, Security, Privacy, Management, Simulation, Threat, Vulnerability, Game Theory