As security managers in the industry usually have to operate with limited budgets allocated to information security, they need to prioritize their investment efforts regarding the response mechanisms to the existing vulnerabilities. Vulnerability exploits cost organizations large amounts of resources, mainly due to disruption of ICT services, and thus loss of confidentiality, integrity and availability. Keywordsthreats analysis-attack simulation-critical infrastructure protection-network security policies-risk assessment-security modelling and simulation This guides optimal adaptation of the security policy to the given vulnerability setting. That abstract representations of these graphs can be computed that allow comparison of focussed views on the behaviour of A unique feature of the presented approach is, The impact of changes to security policiesĬan be computed and visualised by finding differences in the attack graphs.
A graph of all possibleĪttack paths is automatically computed from the model of an ICT network, of vulnerabilities, exploits and an attacker strategy.Ĭonstraints on this graph are given by a model of the network security policy. This paper presents an integrated framework for model-based symbolic interpretation, simulationĪnd analysis with a comprehensive approach focussing on the validation of network security policies. The systematic protection of critical information infrastructures requires an analytical process to identify the criticalĬomponents and their interplay, to determine the threats and vulnerabilities, to assess the risks and to prioritise countermeasures
0 kommentar(er)
