Journal of Network and Systems Management (ISI), Volume 28, No. 4, Year 2020-10, Pages 1794-1819

Title: Bayesian Decision Network-Based Security Risk Management Framework

Authors: Masoud Khosravi Farmad, Abbas Ghaemi Bafghi

Citation: BibTeX | EndNote

Abstract

Network security risk management is comprised of several essential processes, namely risk assessment, risk mitigation and risk validation and monitoring, which should be done accurately to maintain the overall security level of a network in an acceptable level. In this paper, an integrated framework for network security risk management is presented which is based on a probabilistic graphical model called Bayesian decision network (BDN). Using BDN, we model the information needed for managing security risks, such as information about vulnerabilities, risk-reducing countermeasures and the effects of implementing them on vulnerabilities, with the minimum need for expert’s knowledge. In order to increase the accuracy of the proposed risk assessment process, vulnerabilities exploitation probability and impact of vulnerabilities exploitation on network assets are calculated using inherent, temporal and environmental factors. In the risk mitigation process, a cost-benefit analysis is efficiently done using modified Bayesian inference algorithms even in case of budget limitation. The experimental results show that network security level enhances significantly due to precise assessment and appropriate mitigation of risks.

Keywords

Risk assessment · Risk mitigation · Risk management framework · Cost-benefit analysis · Decision making · Bayesian decision network

@article{paperid:1083086,
author = {Khosravi Farmad, Masoud and Ghaemi Bafghi, Abbas},
title = {Bayesian Decision Network-Based Security Risk Management Framework},
journal = {Journal of Network and Systems Management},
year = {2020},
volume = {28},
number = {4},
month = {October},
issn = {1064-7570},
pages = {1794--1819},
numpages = {25},
keywords = {Risk assessment · Risk mitigation · Risk management framework · Cost-benefit analysis · Decision making · Bayesian decision network},
}


%0 Journal Article
%T Bayesian Decision Network-Based Security Risk Management Framework
%A Khosravi Farmad, Masoud
%A Ghaemi Bafghi, Abbas
%J Journal of Network and Systems Management
%@ 1064-7570
%D 2020
