Modeling Asset Dependency for Security Risk Analysis using Threat-Scenario Dependency

Document Sample
Modeling Asset Dependency for Security Risk Analysis using Threat-Scenario Dependency Powered By Docstoc
					                                                             (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                     Vol. 10, No. 4, 2012

         Modeling Asset Dependency for Security Risk
         Analysis using Threat-Scenario Dependency

                     Basuki Rahmad                                                               Jaka Sembiring
             Faculty of Industrial Engineering                                  School of Electrical Engineering & Informatic
                Institut Teknologi Telkom                                                Institut Teknologi Bandung
                         Indonesia                                                                 Indonesia
                   azkaku@gmail.com                                                             jaka@itb.ac.id

               Suhono Harso Supangkat                                                          Kridanto Surendro
      School of Electrical Engineering & Informatic                             School of Electrical Engineering & Informatic
               Institut Teknologi Bandung                                                Institut Teknologi Bandung
                         Indonesia                                                                 Indonesia
                     suhono@itb.ac.id                                                      endro@informatika.org



Abstract — The lack of asset dependency consideration in the                  We have elaborated several standards or frameworks on
majority models of information system risk analysis has                   information system risk analysis (IT Grundschutz, EBIOS,
limitation in business model and value model representation. This         Mehari, Magerit, ISO/IEC 27005, OCTAVE, NIST, Suh &
paper is aimed to propose the new model of information security           Han, Fenz) and developed a taxonomy of information system
risk analysis based on the paradigm of asset dependency using             risk analysis in the perspective of asset dependency, as shown
threat-scenario dependency. Based on the experiment, the                  in Figure 1. As shown by that taxonomy, the majority of
proposed model has a greater sensitivity compared to model that           standards/frameworks don’t consider the asset dependency
uses security objective dependency. The features of proposed              paradigm. This paradigm has two critical limitations in
model also provide a greater flexibility and efficiency to the
                                                                          representing the business model [4] and the value model [3].
information security risk analysis cycle.
                                                                          And finally, those limitations will have effects on the accuracy
   Keywords: Asset-Dependency;       Risk   Analysis;   Security;         and the real world representation of information security risk
Bayesian-Network                                                          analysis.

                      I.    INTRODUCTION
    Today, IT Risk Management is getting more important [6],
as shown by recent survey by ISACA [8]. In general, we can
classify the portfolio of IT Risk in project risk, IT Continuity
risk, Information Asset risk, vendor & third party risk,
application risk, infrastructure risk and strategic risk [7]. But
this paper will be focused on the system-level risk: the relation
of technical risk (application, infrastructure and facility) and
the business risk impacted by the technical risk.
    Generally, current information system security risk
management methodologies have common phases: system
characterization, threat & vulnerability assessment, risk
determination,    control   identification and    control
implementation [1].
   System characterization determines the scope of risk
analysis, what assets included and what the level of risk
appetite. An evaluation of one asset can’t be isolated from an
evaluation of another asset whose relationship with it [2].
Based on this characteristic of asset evaluation, system
characterization in risk analysis should consider the asset
dependency.                                                               Figure 1 – IS Risk Analysis Taxonomy (Asset Dependency Perspective) [13]




                                                                    103                                 http://sites.google.com/site/ijcsis/
                                                                                                        ISSN 1947-5500
                                                                      (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                              Vol. 10, No. 4, 2012
   The methodologies that consider the asset dependency can                              CODE             DESCRIPTION
be divided into two groups, using the perspective of security                            AUX.PWR          Electrical power source
objective dependency and using the perspective of direct threat                          PHY              Physical Facility
dependency.                                                                              PHY.DC           Data Center or Disaster Recovery Center
                                                                                         PHY.WR           Working room
    Magerit [5] and Business-Model-based Risk Analysis by                                PER              Personnel
Suh & Han [4] use the security objective dependency to                                   PER.USR          User personels that operate information system
represent asset dependency. Suh & Han implements only an                                 PER.CST          IT Staff user that conduct a information system
                                                                                                          custodian or technical support
availability objective, where Magerit provides more security
objectives that Suh & Han (confidentiality, integrity,
availability, authenticity, accountability). Though Magerit and                 ii.   The threat catalogue is a combination of Magerit [3] and
Suh & Han have provided the significant contribution in the                           ISO/IEC 27005 [10].
asset dependency paradigm, they still have limitation on the
pattern of the security objective dependency degree and the                     iii. To improve the role of control, we refer Mehari’s control
pattern of security control roles. This pattern weakness can                         types [9]. The combination of control types to threat value
influence the accuracy of risk analysis result.                                      reduction is illustrated in Table 2.
    Fenz in [1] uses the direct threat dependency to represent                                 TABLE 2 – CONTROL’S ROLE TO THREAT REDUCTION
the asset dependency. Though the Fenz’s method offer more                                                       Threat Likelihood       Threat Degradation
                                                                                        Control Type
intuitive approach than Magerit and Suh & Han, it still has                                                        Reduction                Reduction
limitations in the flexibility regarding the change of threat                               Preventive                  X
environment and the pattern of security control roles.                                      Dissuasive                  X
                                                                                            Protection                                            X
                II.   MODELING ASSET DEPENDENCY                                             Palliative                                            X
                                                                                           Recuperative                                           X
A. Basic Concept References
   Before we discuss the proposed model, this section will                      B. The Concept of Threat-Scenario
give a brief explanation about the main concepts used in the
proposed model: asset, threat and control.                                          As a base of our model, we propose the concept of threat
                                                                                scenario. The rationale of this concept is that all threats can be
i.   The concept of asset represents entities involved in the                   classified based on its characteristic of attack. We adopt the
     information system operation. We refer ISO/IEC 27005                       attack type classification of EBIOS [11] to construct our threat
     [10] and Mehari knowledge-base [9] to develop the asset                    scenario concept, as illustrated in Table 3.
     catalogue as illustrated in Table 1.
                                                                                                   TABLE 3 – THREAT –SCENARIO CATALOGUE
                       TABLE 1 – ASSET CATALOGUE                                  Threat Scenario                Description
       CODE            DESCRIPTION                                                USG     the hijacking of       goods are diverted from their media
       BP              Business Processes                                                 uses                   framework User rating (use of features
       SW              Software                                                                                  available, planned or permitted) without
       SW.BAP          Business Application: Industry specific solution                                          being altered or damaged;
                       of standard package                                        ESP      espionage             goods carriers are observed, with or without
       SW.DBMS         System management database                                                                equipment further, without being damaged
       SW.MD           Middleware or package system that facilitate the           EXD      exceeded limits of    goods carriers are overloaded or used
                       integration between business applications                           operation             beyond their limits of operation
       DI              Data & Information                                         DMG      damage                the goods are damaged materials, partially or
                                                                                                                 completely, temporarily or permanently;
       DI.DB           Data & Information managed by DBMS
                                                                                  MOD      modifications         goods are processed materials
       DI.FLE          Data & Information as a file server and not
                                                                                  LOP      loss of property      goods carriers are insane (lost, stolen, sold,
                       managed by DBMS
                                                                                                                 given ...) without being altered or damaged,
       DI.NONE         Data (non-electronic) on the analog media                                                 so it is possible
       MED             Media                                                                                     exercise property rights.
       MED.EL          Electronic Media (disk, CD-ROM, USB devices,
                       magnetic tape, intelligent card, etc)
       MED.NONEL       Non-Electronic Media                                        We also have identified the mapping of Threat-Scenario to
       HW              Hardware
                                                                                security objectives, as shown below:
       HW.SVR          Servers (including its system software)
       HW.STO          Storage (including its system software)                        TABLE 4 – MAPPING OF THREAT-SCENARIO AND SECURITY OBJECTIVES
       HW.WS           Workstation (including its system software)
       COM             Communication Network                                                                                      Security Objectives
                                                                                Asset Type          Threat Scenario
                                                                                                                              C            I          A
       COM.LAN         Local Area Network (LAN)
                                                                                Business            USG                                    X          X
       COM.EXN         Extended Network, connects LAN to the wider              Process             ESP                       X
                       communication network (WAN, MAN, Internet,
                                                                                                    EXD                                                  X
                       etc)
                                                                                                    DMG                                    X             X
       AUX             Auxiliary equipments
                                                                                                    MOD                                    X             X
       AUX.HVAC        HVAC system (Heating, Ventilating, Air                                       LOP                       X                          X
                       Conditioning)                                            Software            USG                       X            X             X




                                                                          104                                     http://sites.google.com/site/ijcsis/
                                                                                                                  ISSN 1947-5500
                                                                 (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                         Vol. 10, No. 4, 2012
Asset Type      Threat Scenario
                                         Security Objectives               application that running on several hardwares and sharing data
                                     C            I          A             to support different business processes.
                ESP                  X
                EXD                                         X                                  Business Process
                DMG                                         X
                MOD                  X          X           X
                LOP                  X                      X
                                                                                                    Data
Data (DB &      USG                  X          X           X
FLE)            ESP                  X
                EXD                                         X                                                     Hardware & Network
                                                                                                                                                                                 Personel
                DMG                                         X
                MOD                  X          X           X                   Software                   Hardware           Communication

                LOP                  X                      X
Data (NONE)     USG                             X           X
                ESP                  X
                                                                                                                                  Auxiliary
                DMG                                         X                                        Physical Facilities
                                                                                                                                 Equipments
                LOP                  X                      X
Media           USG                             X           X
(Eletronic)     ESP                  X                                      Notes: A → B means A has dependency on B.

                DMG                                         X                              Figure 2 – The Tree Structure of Asset Dependency
                MOD                             X
                LOP                  X                      X
Media (Non      USG                             X           X
                                                                           D. Generic Threat-Scenario Dependency Mapping
Electronic)     ESP                  X                                         Based on the tree structure of asset dependency, we propose
                DMG                                         X              the generic threat-scenario dependency. This dependency
                LOP                  X                      X              directly represents the asset dependency that can be used in the
Hardware        USG                  X          X           X              security risk analysis. We propose Threat-Scenario Mapping on
                ESP                  X
                                                                           Business Process, Data, Software, Media, Hardware,
                EXD                                         X
                DMG                                         X              Communication Network, Auxiliary Equipment, Physical
                MOD                  X          X           X              Facility and Personel, as shown by Table 5 to Table 12.
                LOP                  X                      X
                                                                                    TABLE 5 – THREAT –SCENARIO MAPPING ON BUINESS PROCESS
Network         USG                  X          X           X
                ESP                  X                                                                                                     Threat-Scenario on
                EXD                                         X                                                                               Business Process
                DMG                                         X                    Threat-Scenario on other Relevant




                                                                                                                                                              BP.DMG
                                                                                                                                                                       BP.MOD
                                                                                                                                                     BP.EXD
                MOD                  X          X           X




                                                                                                                                  BP.USG




                                                                                                                                                                                BP.LOP
                                                                                                                                            BP.ESP
                                                                                 Assets
                LOP                  X                      X
Auxiliary       EXD                                         X
Equipment       DMG                                         X
                MOD                             X           X                    PERSONEL
Physical        USG                  X                      X                    PER.USR.USG                                      X
Facility        ESP                  X                                           PER.USR.ESP                                                 X
                DMG                                         X                    PER.USR.EXD                                                         X
Personnel       USG                                         X                    PER.USR.DMG                                                                  X
                ESP                  X                                           PER.USR.MOD                                                                           X
                EXD                             X           X                    PER.USR.LOP                                                                                    X
                DMG                                         X                    DATA
                MOD                             X           X                    DI.DB.USG                                        X
                LOP                  X                      X                    DI.DB.ESP                                                   X
                                                                                 DI.DB.EXD                                                           X
                                                                                 DI.DB.DMG                                                                    X
C. The Tree Structure of Asset Dependency                                        DI.DB.MOD                                                                             X
                                                                                 DI.DB.LOP                                                                                      X
    Because of the complexity of asset dependency                                DI.FLE.USG                                       X
relationships, we need a dependency structure as a generic                       DI.FLE.ESP                                                  X
framework. We propose the generic structure of asset                             DI.FLE.EXD                                                          X
dependency, as illustrated in Figure 2.                                          DI.FLE.DMG                                                                   X
                                                                                 DI.FLE.MOD                                                                            X
    This tree structure is developed from Magerit [5] as a base.                 DI.FLE.LOP                                                                                     X
We split the equipment block on Magerit to two parts, (1)                        DI.NONE.USG                                      X
hardwares & networks and (2) auxiliary equipments, based on                      DI.NONE.ESP                                                 X
the consideration that the position of both is not equal. Then we                DI.NONE.DMG                                                                  X
place the auxiliary equipments horizontally with Physical                        DI.NONE.LOP                                                                                    X
Facilities.
    The proposed tree structure can handle the complex system
that grows significantly. As an example, the condition of



                                                                     105                                          http://sites.google.com/site/ijcsis/
                                                                                                                  ISSN 1947-5500
                                                                                                                                                                       (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                                                                                                                               Vol. 10, No. 4, 2012
      TABLE 6 – THREAT –SCENARIO MAPPING ON DATA (MINUS NONEL)                                                                                                                                                                         Threat Scenario on                                                                                         Threat Scenario on
                                                                                                                                                                                                                                            DI.DB                                                                                                      DI.FLE
                                    Threat Scenario on                                                        Threat Scenario on
                                         DI.DB                                                                     DI.FLE




                                                                                                                                                                                                                                                                                                                                                                                                   DI. FLE.DMG
                                                                                                                                                                                                                                                                                                                                                                                                                        DI. FLE.MOD
                                                                                                                                                                                                                                                                                                                                                                             DI. FLE.EXD




                                                                                                                                                                                                                                                                                                                                                                                                                                            DI. FLE.LOP
                                                                                                                                                                                            Threat-Scenario on




                                                                                                                                                                                                                                                                                                                                     DI.FLE.USG
                                                                                                                                                                                                                                                                                                                                                          DI. FLE.ESP
                                                                                                                                                                                                                                                                            DI.DB.DMG
                                                                                                                                                                                                                                                                                                 DI.DB.MOD
                                                                                                                                                                                                                                                       DI.DB.EXD
                                                                                                                                                                                                                           DI.DB.USG




                                                                                                                                                                                                                                                                                                                 DI.DB.LOP
                                                                                                                                                                                                                                           DI.DB.ESP
                                                                                                                                           DI. FLE.DMG
                                                                                                                                                         DI. FLE.MOD
                                                                                                                                                                                            other Relevant Assets




                                                                                                                             DI. FLE.EXD




                                                                                                                                                                        DI. FLE.LOP
Threat-Scenario on




                                                                                                 DI.FLE.USG
                                                                                                               DI. FLE.ESP
                                                             DI.DB.DMG
                                                                         DI.DB.MOD
                                                 DI.DB.EXD
                        DI.DB.USG




                                                                                     DI.DB.LOP
                                     DI.DB.ESP
other Relevant Assets


                                                                                                                                                                                            COM.EXN.LOP                                                 X
PERSONEL                                                                                                                                                                                    MEDIA
PER.CST.USG              X                                                                        X                                                                                         MED.EL.USG                                                                                                                                X
PER.CST.ESP                           X                                                                         X                                                                           MED.EL.ESP                                                                                                                                                     X
PER.CST.EXD                                       X                                                                           X                                                             MED.EL.DMG                                                                                                                                                                                              X
PER.CST.DMG                                       X                                                                           X                                                             MED.EL.MOD                                                                                                                                                                                                                   X
PER.CST.MOD                                                               X                                                                               X                                 MED.EL.LOP                                                                                                                                                                                                                                       X
PER.CST.LOP                                                                           X                                                                                  X                  MED.NONEL.USG
SOFTWARE                                                                                                                                                                                    MED.NONEL.ESP
SW.BAP.USG               X                                                                                                                                                                  MED.NONEL.DMG
SW.BAP.ESP                            X                                                                                                                                                     MED.NONEL.LOP
SW.BAP.EXD                                        X
                                                                                                                                                                                                        TABLE 7 – THREAT –SCENARIO MAPPING ON SOFTWARE
SW.BAP.DMG                                        X
SW.BAP.MOD                                                                X
                                                                                                                                                                                                                                                                                           Threat Scenario on SW
SW.BAP.LOP                                        X
SW.DBMS.USG              X
SW.DBMS.ESP                           X




                                                                                                                                                                                                                                                                                                                                                           SW.xxx.DMG

                                                                                                                                                                                                                                                                                                                                                                                           SW.xxx.MOD
                                                                                                                                                                                               Threat-Scenario on other




                                                                                                                                                                                                                                                                                                                             SW.xxx.EXD
                                                                                                                                                                                                                                                                    SW.xxx.USG




                                                                                                                                                                                                                                                                                                                                                                                                                         SW.xxx.LOP
                                                                                                                                                                                                                                                                                                  SW.xxx.ESP
SW.DBMS.EXD                                       X                                                                                                                                            Relevant Assets
SW.DBMS.DMG                                       X
SW.DBMS.MOD                                                               X
SW.DBMS.LOP                                                                           X
SW.MD.USG                X
SW.MD.ESP                             X                                                                                                                                                        PERSONEL
SW.MD.EXD                                         X                                                                                                                                            PER.CST.USG                                                          X
SW.MD.DMG                                         X                                                                                                                                            PER.CST.ESP                                                                                       X
SW.MD.MOD                                                                 X                                                                                                                    PER.CST.EXD                                                                                                                   X
SW.MD.LOP                                         X                                                                                                                                            PER.CST.DMG                                                                                                                   X
HARDWARE                                                                                                                                                                                       PER.CST.MOD                                                                                                                                                                                 X
HW.SVR.USG               X                                                                                                                                                                     PER.CST.LOP                                                                                                                                                                                                               X
HW.SVR.ESP                            X
HW.SVR.EXD                                        X                                                                                                                                                       TABLE 8 – THREAT –SCENARIO MAPPING ON MEDIA
HW.SVR.DMG                                                    X
HW.SVR.MOD                                                                X                                                                                                                                                      Threat-Scenario on                                                                                               Threat-Scenario on
HW.SVR.LOP                                                                            X                                                                                                                                              MED.EL                                                                                                         MED.NONEL
HW.STO.USG                                                                                        X
HW.STO.ESP                                                                                                      X




                                                                                                                                                                                                                                                                                                                                                                                                        MED.NONEL.DMG
                                                                                                                                                                                                                                                                                                                                          MED.NONEL.USG




                                                                                                                                                                                                                                                                                                                                                                                                                                      MED.NONEL.LOP
                                                                                                                                                                                                                                                                                                                                                                        MED.NONEL.ESP
HW.STO.EXD                                                                                                                    X                                                             Threat-Scenario on
                                                                                                                                                                                                                                                       MED.EL.DMG

                                                                                                                                                                                                                                                                                    MED.EL.MOD




HW.STO.DMG                                                                                                                                  X                                               other Relevant Assets
                                                                                                                                                                                                                    MED.EL.USG




                                                                                                                                                                                                                                                                                                               MED.EL.LOP
                                                                                                                                                                                                                                       MED.EL.ESP




HW.STO.MOD                                                                                                                                                X
HW.STO.LOP                                                                                                                                                               X
HW.WS.USG                                                                                         X
HW.WS.ESP                                                                                                       X
HW.WS.EXD                                                                                                                     X
HW.WS.DMG                                                                                                                                   X                                               PERSONEL
HW.WS.MOD                                                                                                                                                 X                                 PER.CST.USG             X                                                                                                                     X
HW.WS.LOP                                                                                                                                                                X                  PER.CST.ESP
JARINGAN                                                                                                                                                                                    PER.CST.EXD                                X                                                                                                                                X
KOMUNIKASI                                                                                                                                                                                  PER.CST.DMG
COM.LAN.USG              X                                                                                                                                                                  PER.CST.MOD                                                                             X
COM.LAN.ESP                           X                                                                                                                                                     PER.CST.LOP                                                                                                        X                                                                                                                      X
COM.LAN.EXD                                       X                                                                                                                                         PERANGKAT
COM.LAN.DMG                                       X                                                                                                                                         PENDUKUNG
COM.LAN.MOD                                                               X                                                                                                                 AUX.HVAC.EXD                                               X                                                                                                                                                X
COM.LAN.LOP                                       X                                                                                                                                         AUX.HVAC.DMG                                               X                                                                                                                                                X
COM.EXN.USG              X                                                                                                                                                                  AUX.HVAC.MOD                                               X                                                                                                                                                X
COM.EXN.ESP                           X                                                                                                                                                     AUX.PWR.EXD
COM.EXN.EXD                                       X                                                                                                                                         AUX.PWR.DMG
COM.EXN.DMG                                       X                                                                                                                                         AUX.PWR.MOD
COM.EXN.MOD                                                               X                                                                                                                 FASILITAS FISIK




                                                                                                                                                                                      106                                                           http://sites.google.com/site/ijcsis/
                                                                                                                                                                                                                                                    ISSN 1947-5500
                                                                                                                                                                                                                                                                          (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                                                                                                                                                                                                                                  Vol. 10, No. 4, 2012
                                                                                                                                                                                                                                                                                                                                                Threat-Scenario on Network
                                          Threat-Scenario on                                                                                                                Threat-Scenario on
                                                                                                                                                                                                                                                                                                                                                      Communication
                                              MED.EL                                                                                                                          MED.NONEL




                                                                                                                                                                                                                                                                                                                                                                                          COM.xxx.DMG

                                                                                                                                                                                                                                                                                                                                                                                                                      COM.xxx.MOD
                                                                                                                                                                                                                                                                                                                                                                   COM.xxx.EXD
                                                                                                                                                                                                                                                                                                                                  COM.xxx.USG




                                                                                                                                                                                                                                                                                                                                                                                                                                    COM.xxx.LOP
                                                                                                                                                                                                                                                                                                                                                     COM.xxx.ESP
                                                                                                                                                                                                                                                                                                Threat-Scenario on other




                                                                                                                                                                                                                                            MED.NONEL.DMG
                                                                                                                                                                      MED.NONEL.USG




                                                                                                                                                                                                                                                                          MED.NONEL.LOP
                                                                                                                                                                                                              MED.NONEL.ESP
Threat-Scenario on                                                                                                                                                                                                                                                                              Relevant Assets




                                                                                MED.EL.DMG

                                                                                                           MED.EL.MOD
other Relevant Assets
                           MED.EL.USG




                                                                                                                                      MED.EL.LOP
                                                 MED.EL.ESP
                                                                                                                                                                                                                                                                                                PER.CST.EXD                                                        X
                                                                                                                                                                                                                                                                                                PER.CST.DMG                                                        X
PHY.DC.USG                 X                                                                                                                                          X                                                                                                                         PER.CST.MOD                                                                                                           X
PHY.DC.ESP                                       X                                                                                                                                                           X                                                                                  PER.CST.LOP                                                        X
PHY.DC.DMG                                                                      X                                                                                                                                                           X                                                   PERANGKAT
PHY.WR.USG                 X                                                                                                                                          X                                                                                                                         PENDUKUNG
PHY.WR.ESP                                       X                                                                                                                                                           X                                                                                  AUX.HVAC.EXD                                                       X
PHY.WR.DMG                                                                      X                                                                                                                                                           X                                                   AUX.HVAC.DMG                                                       X
                                                                                                                                                                                                                                                                                                AUX.HVAC.MOD                                                       X
            TABLE 9 – THREAT –SCENARIO MAPPING ON SOFTWARE                                                                                                                                                                                                                                      AUX.PWR.EXD                                                        X
                                                                                                                                                                                                                                                                                                AUX.PWR.DMG                                                        X
                           Threat-Scenario on                                                                                                                        Threat-Scenario on                                                                                                         AUX.PWR.MOD                                                        X
                          Hardware (SVR, STO)                                                                                                                         Hardware (WS)                                                                                                             FASILITAS FISIK
                                                                                                                                                                                                                                                                                                PHY.DC.USG                        X
                                                                                                                                                                                                                                                                                                PHY.DC.ESP                                           X
                                                                                        HW. SVR/STO.DMG




                                                                                                                                                                                                                              HW. SVR/STO.DMG
                                                              HW. SVR/STO.EXD




                                                                                                                                                                                                     HW. SVR/STO.EXD
                        HW. SVR/STO.USG




                                                                                                                                                   HW. SVR/STO.USG
                                                                                        HW. SVR/STO.LOP




                                                                                                                                                                                                                              HW. SVR/STO.LOP
                                          HW. SVR/STO.ESP




                                                                                                                                                                          HW. SVR/STO.ESP




                                                                                                                                                                                                                                                                                                PHY.DC.DMG                                                                                X
Threat-Scenario on
                                                                                        SVR/STO.MOD




                                                                                                                                                                                                                              SVR/STO MOD


                                                                                                                                                                                                                                                                                                PHY.WR.USG                        X
other Relevant Assets
                                                                                                                                                                                                                                                                                                PHY.WR.ESP                                           X
                                                                                                                                                                                                                                                                                                PHY.WR.DMG                                                                                X
                                                                                        HW. .




                                                                                                                                                                                                                              HW. .




                                                                                                                                                                                                                                                                                                 TABLE 11 – THREAT –SCENARIO MAPPING ON AUXILIARY EQUIPMENT

                                                                                                                                                                                                                                                                                                                                                   Threat-Scenario on
PERSONEL                                                                                                                                                                                                                                                                                                                                          Auxiliary Equipment
PER.CST.USG              X                                                                                                                          X
PER.CST.ESP                                X                                                                                                                                X




                                                                                                                                                                                                                                                                                                                                                                           AUX.xxx.DMG


                                                                                                                                                                                                                                                                                                                                                                                                        AUX.xxx.MOD
                                                                                                                                                                                                                                                                                                                                                    AUX.xxx.EXD
PER.CST.EXD                                                    X                                                                                                                                       X                                                                                               Threat-Scenario on other
PER.CST.DMG                                                    X                                                                                                                                       X                                                                                               Relevant Assets
PER.CST.MOD                                                                                                 X                                                                                                                                      X
PER.CST.LOP                                                    X                                                                                                                                      X
PERANGKAT
PENDUKUNG
AUX.HVAC.EXD                                                   X                                                                                                                                      X                                                                                                PERSONEL
AUX.HVAC.DMG                                                   X                                                                                                                                      X                                                                                                PER.CST.USG                                                        X
AUX.HVAC.MOD                                                   X                                                                                                                                      X                                                                                                PER.CST.ESP                                                        X
AUX.PWR.EXD                                                    X                                                                                                                                      X                                                                                                PER.CST.EXD                                 X
AUX.PWR.DMG                                                    X                                                                                                                                      X                                                                                                PER.CST.DMG                                 X
AUX.PWR.MOD                                                    X                                                                                                                                      X                                                                                                PER.CST.MOD                                                                                      X
FASILITAS FISIK                                                                                                                                                                                                                                                                                        PER.CST.LOP                                 X
PHY.DC.USG               X
PHY.DC.ESP                                 X                                                                                                                                                                                                                                                       TABLE 12 – THREAT –SCENARIO MAPPING ON PHYSICAL FACILITY
PHY.DC.DMG                                                                               X                                                                                                                                                                                                                                                         Threat-Scenraio on
PHY.WR.USG                                                                                                                                          X                                                                                                                                                                                               Physical Facility
PHY.WR.ESP                                                                                                                                                                  X
PHY.WR.DMG                                                                                                                                                                                                                    X
                                                                                                                                                                                                                                                                                                                                                                                                          PHY.xxx.DMG
                                                                                                                                                                                                                                                                                                                                                   PHY.xxx.USG


                                                                                                                                                                                                                                                                                                                                                                            PHY.xxx.ESP




                                                                                                                                                                                                                                                                                                      Threat-Scenario on other
            TABLE 10 – THREAT –SCENARIO MAPPING ON NETWORK                                                                                                                                                                                                                                            Relevant Assets

                                                                                                           Threat-Scenario on Network
                                                                                                                 Communication

                                                                                                                                                                                                                                                                                                      PERSONEL
                                                                                                                                                                                            COM.xxx.DMG

                                                                                                                                                                                                                              COM.xxx.MOD
                                                                                                                                                      COM.xxx.EXD
                                                                                             COM.xxx.USG




                                                                                                                                                                                                                                                            COM.xxx.LOP
                                                                                                                        COM.xxx.ESP




    Threat-Scenario on other                                                                                                                                                                                                                                                                          PER.CST.USG                                 X
    Relevant Assets                                                                                                                                                                                                                                                                                   PER.CST.ESP                                                          X
                                                                                                                                                                                                                                                                                                      PER.CST.EXD
                                                                                                                                                                                                                                                                                                      PER.CST.DMG
                                                                                                                                                                                                                                                                                                      PER.CST.MOD
                                                                                                                                                                                                                                                                                                      PER.CST.LOP
    PERSONEL
    PER.CST.USG                                                                              X
    PER.CST.ESP                                                                                                         X




                                                                                                                                                                                                                                                                                          107                              http://sites.google.com/site/ijcsis/
                                                                                                                                                                                                                                                                                                                           ISSN 1947-5500
                                                                    (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                            Vol. 10, No. 4, 2012
               III.   THE PROPOSED MODEL OF IS RISK ANALYSIS                    B. Representation in Bayesian-Network
A. Conceptual Model                                                                 It is assumed that the risk has a finite set of probability
                                                                                status (expressed as a vector of probability distribution [high,
   Our proposed model is illustrated in Fig 3. This model will                  medium, low]). Because of the vector expression of risk, all
be represented in the probability statement of Bayesian                         relevant variables (threat scenario, threat, control) are also
Network.                                                                        expressed in probability distribution vector.
                                                                                1) Risk on the Information Security Objective
                                                                                   The information security objective risk is a function of its
                                                                                accumulated potential of exploitation and its value, expressed
                                                                                below:
                                                                                                                                                  (1)

                                                                                    Where         is a probability of the information security
                                                                                objective risk,          is a probability of information security
                                                                                objective being exploited and               is a value of the
                                                                                information security objective.
      ………...




                                                                                    The probability of information security objective being
                                                                                exploited         is a function of the relevant threat-scenarios,
                                                                                represented as a conditional probability as below:
                                                                                                              |         ,…                        (2)

                                                                                   Where         are relevant threat-scenarios to the information
                                       ………...




                                                                                security objective.
                                                                                2) Threat-Scenario
                                                                                    As can be shown from the Figure 3, the probability of
                                                                                threat-scenario is a function of relevant other threat-scenarios
                                                                                and relevant reduced-threats. To make easier the understanding,
                                                                                we use two additional nodes for calculation: reduced-threat
                                                                                combination and relevant threat-scenario combination.
                                                                                                                    ,                             (3)
                            Figure 3 – The Proposed Model
                                                                                    Where        is a probability of threat-scenario,      is a
Where,                                                                          combination of relevant reduced-threats to threat-scenario
                                                                                and         is a combination of relevant threat-scenarios to
 SOi                   :   Information security objective                       threat-scenario
                           {Confidentiality, Integrity, Availability}               The combination of threat-scenario    is a function of
 TSi                   :   threat-scenario                                      relevant threat-scenarios, as expressed in the conditional
 RTi                   :   reduced-Threat                                       probability below:
 Ti                    :   Threat
 CCEF(Ti)              :   Control combination effectiveness for Threat                                                 , …                       (4)
                           likelihood-factor reduction                              Where        , …       is a threat-scenario list of relevant
 DISS                  :   Control combination effectiveness for                assets.
                           dissuasive controls
 PREV                  :   Control combination effectiveness for                    And the combination of reduced-threats is a function of
                           preventive controls                                  relevant reduced-threats, as expressed in the conditional
 PROT                      Control combination effectiveness for                probability below:
                           protective controls                                                                          , …                       (5)
 PALL                      Control combination effectiveness for
                           palliative controls                                      Where        , …       is a relevant reduced-threat list to
 RECU                      Control combination effectiveness for                threat-scenario TSi.
                           recupreative controls                                3) Reduced Threat
 Ci                        Single control effectiveness
                                                                                   Reduction of Threat can be divided on two types: reduction
                                                                                of likelihood-factor and reduction of exploitation-factor that




                                                                          108                              http://sites.google.com/site/ijcsis/
                                                                                                           ISSN 1947-5500
                                                              (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                      Vol. 10, No. 4, 2012
can cause the impact on asset’s value. The reduced threat can              relevant threats to every security objectives in Magerit model.
be expressed below:                                                        The illustrations of case study on the proposed model and
                                                                           Magerit are shown in Figure 4 dan Figure 5.
                              1                               (6)

   Where         is a probability of reduced-threat,       is a
probability of threat before reduced,              is a control
combination effectiveness to reduce to reduce the threat.


4) Control Combination Effectiveness
    By considering the role of control types to reduce the threat,
the control combination effectiveness can be expressed below:
                                                              (7)

    Where              is a dissuasive combination control
effectiveness,           is a preventive combination control
effectiveness,            is a protective combination control
effectiveness,            is a palliative combination control
effectiveness and              is a recuperative combination
control effectiveness.
    The critical aspect is a weighting of five control
combination effectiveness. Based on the analysis using Mehari                                 Figure 4 – Case Study in Proposed Model
table matrix [12] and giving the greater weight for the
anticipative approach, we propose the comparison of weighting
factors as below:
   •     α1< α2
   •     β1> β 2> β 3

   Control combination effectiveness of each type can be
expressed as a conditional probability of relevant controls, as
shown below:
                                  |       ,…                   (8)

                                  |       ,…                  (9)

                                      |   ,…                 (10)
                                                                                                 Figure 5 – Case Study in Magerit
                                  |       ,…                 (11)
                                                                               Below are the scenarios performed in the experiment, based
                                                                           on the condition of controls and threats:
                                      |   ,…                 (12)
                                                                              a.   Non controls implemented.
   Where          ,…      are relevant controls for every control             b.   Control implemented:
types.                                                                                  i.      All controls are low
                  IV.   EXPERIMENT & ANALYSIS                                           ii.     All controls are medium
   To validate the proposed model that implements the asset                             iii. All controls are high
dependency paradigm using the threat-scenario dependency,
we compare the output of proposed model with the output of                              iv. Only controls whose type preventive are high
Magerit as a representative of group that using security                                    and the others are low.
objective dependency perspective. The experiment is                             First experiment are to execute the scenario a, b.i, b.ii, and
developed using Agena.                                                     b.iii. After the execution, the result of the scenario a, b.i, b.ii,
    The experiment is performed by selecting two threats (per              and b.iii for the proposed model are shown in Table 13 and
threat types) for every threat scenario on the proposed model.             Table 14.
For every threat we choose the relevant controls. Based on the
mapping of threat-scenario and security objectives, we map the




                                                                     109                                    http://sites.google.com/site/ijcsis/
                                                                                                            ISSN 1947-5500
                                                                             (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                                     Vol. 10, No. 4, 2012
         TABLE 13 – EXPERIMENT RESULT OF SCENARIO A, B.I, B.II, AND B.III                and server. And the results of scenario b.iv are shown in Table
                             (PROPOSED MODEL)                                            15 dan Table 16.
                                            Proposed Model
                            Without                                                            TABLE 15 – EXPERIMENT RESULT OF B.IV (THREATMENT ON PERSONNEL)
                                          C=Low      C=Medium        C=High
                            Control                                                                                   Proposed Model                        Magerit
    Personel                                                                                                             Preventive Controls           Preventive Controls 
                                                                                                                Without                       Without 
        Confidentiality        0.000%      10.034%        41.953%     98.677%                                             in Personel High,             in Personel High, 
                                                                                                                Control                       Control
        Integrity              0.000%       9.942%        41.885%     98.823%                                              others are Low                others are Low
        Availability           0.000%       9.206%        44.498%     99.796%             Personel
    Data Center                                                                               Confidentiality    0.000%               37.733%     0.000%              25.937%
        Confidentiality        1.126%      11.192%        44.719%     95.494%                 Integrity          0.000%               52.479%     0.000%              69.426%
        Availability           1.126%      11.198%        44.721%     95.479%                 Availability       0.000%               70.622%     0.000%              35.450%
                                                                                          Data Center
    Sistem HVAC
                                                                                              Confidentiality    1.126%               31.400%     0.000%              15.531%
        Integrity              0.000%      10.888%        44.510%     97.262%                 Availability       1.126%               16.689%     0.000%              15.166%
        Availability           0.000%       9.729%        39.593%     98.437%             Sistem HVAC
    Sistem Power                                                                              Integrity          0.000%               24.041%     0.000%              32.154%
        Integrity              0.000%      21.481%        40.871%     62.127%                 Availability       0.000%               29.485%     0.000%              13.785%
                                                                                          Sistem Power
        Availability           0.000%      12.573%        38.321%     89.939%
                                                                                              Integrity          0.000%               40.552%     0.000%              32.154%
    Server                                                                                    Availability       0.000%               34.748%     1.031%              14.578%
        Confidentiality        0.000%       9.618%        40.088%     99.056%             Server
        Integrity              1.125%      10.746%        46.044%     96.075%                 Confidentiality    0.000%               21.945%     0.000%              17.368%
        Availability           0.000%       9.458%        37.247%     99.299%                 Integrity          1.125%               23.117%     5.673%              36.815%
                                                                                              Availability       0.000%               19.700%     0.000%              17.142%
Notes: All values in the experiment are observed from the value of vector
“LOW” of asset security objective risk. Therefore, the greater of the value, the         Notes: All values in the experiment are observed from the value of vector
lower the value of risk and the greater the risk have been reduced.                      “LOW” of asset security objective risk. Therefore, the greater of the value, the
                                                                                         lower the value of risk and the greater the risk have been reduced.
         TABLE 14 – EXPERIMENT RESULT OF A, B.I, B.II, AND B.III (MAGERIT)
                                                                                                TABLE 16 – EXPERIMENT RESULT OF B.IV (THREATMENT ON SERVER)
                                                Magerit
                            Without                                                                                   Proposed Model                        Magerit
                                          C=Low      C=Medium       C=High
                            Control                                                                                        Preventive Controls              Preventive Controls 
                                                                                                                Without                            Tanpa 
    Personel                                                                                                                 in Server High,                  in Server High, 
                                                                                                                Control                           Kontrol
        Confidentiality        0.000%       9.726%        41.694%    99.394%                                                 others are Low                   others are Low
        Integrity              0.000%      10.557%        44.365%    97.888%             Server
        Availability           0.000%      10.120%        41.149%    97.622%                Confidentiality      0.000%               31.497%      0.000%              22.763%
    Data Center                                                                             Integrity            1.125%               43.606%      5.673%              14.490%
                                                                                            Availability         0.000%               27.176%      0.000%              16.039%
        Confidentiality        0.000%      10.063%        41.253%    98.590%
        Availability           0.000%       9.698%        39.026%    99.183%             Notes: All values in the experiment are observed from the value of vector
    Sistem HVAC                                                                          “LOW” of asset security objective risk. Therefore, the greater of the value, the
        Integrity              0.000%      11.008%        44.637%    96.470%             lower the value of risk and the greater the risk have been reduced.
        Availability           0.000%      10.474%        41.958%    96.865%
    Sistem Power
                                                                                             Based on the result of second experiment, we are shown
        Integrity              0.000%      11.008%        44.637%    96.470%
                                                                                         that the implementation of prioritized control treatment
        Availability           1.031%      10.701%        42.768%    96.201%             (preventive control in this experiment) in proposed model can
    Server                                                                               result the greater risk reduction compared to Magerit.
        Confidentiality        0.000%       9.719%        39.582%    98.339%
        Integrity              5.673%      14.490%        38.482%    82.276%                                          V.      CONCLUSION
        Availability           0.000%       9.041%        38.829%    99.311%                 In this paper we propose the new approach to represent the
Notes: All values in the experiment are observed from the value of vector                asset dependency in the context of IS risk analysis using the
“LOW” of asset security objective risk. Therefore, the greater of the value, the         threat-scenario dependency. Our proposed approach then
lower the value of risk and the greater the risk have been reduced.                      implemented in the new model of IS Risk Analysis using
       Below are the analysis results of the first experiment:                           Bayesian Network.
                                                                                             Based on the experiment result, our proposed model has a
•       Based on the result of “without control” of proposed
                                                                                         better sensitivity in the risk reduction compared to model that
        model and Magerit, there is no significant different. This
                                                                                         uses security objective dependency. The features of proposed
        means that the models developed for this experiment are
                                                                                         model also provide a greater flexibility and efficiency to the
        comparable and those values can be used as a reference
                                                                                         information security risk analysis cycle, because we don’t need
        value.
                                                                                         to reconfigure the asset dependency when the threat context
•       The proposed model and Magerit don’t have a significant                          changes.
        difference when we don’t implement a prioritized control
        treatment.                                                                                                         REFERENCES
                                                                                         [1]    Fenz, S, “Ontology- and Bayesian-based Information Security Risk
    The second experiment is performed by executing scenario                                    Management”, TU Wien Dissertation, 2008
b.iv. For scenario b.iv, we perform a treatment on personnel                             [2]    Weber, R. “Information System Control and Audit”, Prentice Hall, 1998




                                                                                   110                                      http://sites.google.com/site/ijcsis/
                                                                                                                            ISSN 1947-5500
                                                                          (IJCSIS) International Journal of Computer Science and Information Security,
                                                                                                                                  Vol. 10, No. 4, 2012
[3]    Crespo, F.L., Gomez, M.A.A., Candau, J. dan Manas, J.A., “Magerit
       Version 2 – Methodology for Information Systems Risk Analysis and
       Management: II – Catalogue of Elements”, Ministerio de
       Administraciones Públicas, 2006
[4]    Suh, B. dan Han, I., “The IS risk analysis based on a business model”,
       Information & Management, Elsevier, 2003, p.149–15
[5]    Crespo, F.L., Gomez, M.A.A., Candau, J. dan Manas, “Magerit Version
       2 – Methodology for Information Systems Risk Analysis and
       Management: I – The Method”, Ministerio de Administraciones
       Públicas, 2006
[6]    Basel Committee of Banking Supervision, “International Convergence
       of Capital Measurement and Capital Standards: A Revised Framework”,
       Bank for International Settlement, 2004
[7]    Ernie Jordan and Luke Silcock, “Beating IT Risks”, John Wiley & Sons,
       2005
[8]    ISACA, “Top Business/Technology Issues: Survey Results”, ISACA,
       2008
[9]    CLUSIF, “Mehari 2007: Knowledge Base”, CLUSIF, 2007
[10]   ISO/IEC, “ISO/IEC 27005: Information Technology – Security
       Techniques – Information Security Risk Management”, ISO/IEC, 2008
[11]   ANSSI, “EBIOS: Bases de connaissances”, ANSSI, 2010
[12]   Club De La Securite De L'Information, “Mehari 2007: Risk Analysis
       Guide”, 2007
[13]   Rahmad, B., “Analisa Risiko Keamanan Informasi Informasi dengan
       Mempertimbangkan Dependensi Skenario-Threat dan Kontrol Sebagai
       Pereduksi Likelihood dan Impact”, ITB Dissertation, 2010


                            AUTHORS PROFILE

Basuki Rahmad is a PhD student at School of Electrical Engineering &
Informatic (STEI), Institut Teknologi Bandung. He obtained his
undergraduate and master degree in electrical engineering from STEI – Institut
Teknologi Bandung 2000 and 2004 respectively. He also holds professional
certification related to information system assurance: CISA and CISM from
ISACA.

Suhono H. Supangkat is a professor at STEI, Institut Teknologi Bandung,
Indonesia. He obtained his undergraduate degree from STEI – Institut
Teknologi Bandung (1986), master degree from Meisei University Tokyo
(1994) and Doctoral degree from University of Electro Communications
Tokyo (1998). His focus research is in the information assurance, IT
Governance, telecommunication policy.

Jaka Sembiring is an associate professor at STEI, Institut Teknologi
Bandung, Indonesia. He obtained an undergraduate degree form electrical
engineering – Institut Teknologi Bandung, Master and doctoral degree in
electrical engineering from Waseda University. His focus research is in signal
processing and stochastic systems.

Kridanto Surendro is an associate professor at STEI – Institut Teknologi
Bandung, Indonesia. He obtained an undergraduate and master degree from
Industrial Engineering, Institut Teknologi Bandung, and doctoral degree in
Computer Science from Computer Science, Keio University, Tokyo. His focus
reseach is in the information system, IT Governance, IT Risk Management,
Strategic IT Plan.




                                                                                 111                           http://sites.google.com/site/ijcsis/
                                                                                                               ISSN 1947-5500

				
DOCUMENT INFO
Shared By:
Stats:
views:95
posted:5/16/2012
language:English
pages:9