Risk and the Theory of Security Risk Assessment
Carl S. Young
Publisher: Springer-Verlag, 2020
ISBN 9783030306007, 286 pages
Format: PDF, OL
Copy protection: watermark
Foreword (p. 7)
Preface (p. 8)
Acknowledgments (p. 10)
Introduction (p. 12)
Contents (p. 17)
About the Author (p. 21)

Part I: Security Risk Assessment Fundamentals (p. 22)
Chapter 1: Definitions and Basic Concepts (p. 23)
  1.1 Introduction to Risk and Risk-Relevance (p. 23)
  1.2 Threat Scenarios and the Components of Risk (p. 29)
  1.3 The Risk Meter (p. 31)
  1.4 Introduction to Risk Factors (p. 33)
  1.5 Threat Incidents and Risk Factor-Related Incidents (p. 36)
  1.6 Probability v. Potential (p. 37)
  1.7 The Fundamental Expression of Security Risk (p. 46)
  1.8 Absolute, Relative and Residual Security Risk (p. 47)
  1.9 Summary (p. 50)
Chapter 2: Risk Factors (p. 51)
  2.1 Introduction (p. 51)
  2.2 Definitions and Examples (p. 52)
  2.3 Apex Risk Factors (p. 56)
  2.4 Spatial Risk Factors (p. 59)
  2.5 Temporal Risk Factors (p. 60)
  2.6 Behavioral Risk Factors (p. 62)
  2.7 Complexity Risk Factors (p. 63)
  2.8 Inter-related Risk Factors (p. 63)
  2.9 Risk Factor Scale and Stability (p. 64)
  2.10 Summary (p. 67)
Chapter 3: Threat Scenarios (p. 69)
  3.1 Introduction (p. 69)
  3.2 Static Threat Scenarios (p. 71)
  3.3 Dynamic Threat Scenarios (p. 72)
  3.4 Behavioral Threat Scenarios (p. 72)
  3.5 Complex Threat Scenarios (p. 73)
  3.6 Random Threat Scenarios (p. 73)
  3.7 Maximum Threat Scenario Risk (p. 74)
  3.8 General Threat Scenario Phenomena (p. 76)
  3.9 A Security Risk Assessment Taxonomy (p. 78)
  3.10 Summary (p. 80)
Chapter 4: Risk, In-Depth (p. 81)
  4.1 Introduction (p. 81)
  4.2 Threat Scenario Equivalence and Risk Universality (p. 83)
  4.3 Direct and Indirect Assessments of Likelihood (p. 89)
  4.4 Sources of Uncertainty in Estimating Likelihood (p. 91)
  4.5 Time and Risk (p. 94)
  4.6 Risk-Relevance (p. 98)
  4.7 The Confluence of Likelihood Risk Factors (p. 99)
  4.8 Summary (p. 101)

Part II: Quantitative Concepts and Methods (p. 103)
Chapter 5: The (Bare) Essentials of Probability and Statistics (p. 104)
  5.1 Introduction (p. 104)
  5.2 Probability (p. 106)
  5.3 Average, Standard Deviation, Variance and Correlation (p. 110)
  5.4 The Normal and Standard Normal Distributions (p. 112)
  5.5 The Z-Statistic (p. 117)
  5.6 Statistical Confidence and the p-value (p. 118)
  5.7 The Poisson Distribution (p. 125)
  5.8 Value-at-Risk (p. 127)
  5.9 Summary (p. 129)
Chapter 6: Identifying and/or Quantifying Risk-Relevance (p. 130)
  6.1 Introduction (p. 130)
  6.2 Linearity, Non-linearity and Scale (p. 131)
  6.3 Density (p. 139)
  6.4 Trends and Time Series (p. 140)
  6.5 Histograms (p. 142)
  6.6 Derivatives and Integrals (p. 144)
  6.7 Correlation and Correlation Coefficients Revisited (p. 146)
  6.8 Exponential Growth, Decay and Half-Value (p. 147)
  6.9 Time and Frequency Domain Measurements (p. 151)
  6.10 Summary (p. 154)
Chapter 7: Risk Factor Measurements (p. 155)
  7.1 Introduction (p. 155)
  7.2 Spatial Risk Factor Measurements (p. 156)
  7.3 Temporal Risk Factor Measurements (p. 166)
  7.4 Behavioral Risk Factor Measurements (p. 170)
  7.5 Multiple Risk Factors and Uncertainty in Security Risk Management (p. 171)
  7.6 Summary (p. 173)
Chapter 8: Elementary Stochastic Methods and Security Risk (p. 174)
  8.1 Introduction (p. 174)
  8.2 Probability Distributions and Uncertainty (p. 177)
  8.3 Indicative Probability Calculations (p. 180)
  8.4 The Random Walk (p. 188)
  8.5 The Probability of Protection (p. 189)
  8.6 The Markov Process (p. 192)
  8.7 Time-Correlation Functions and Threat Scenario Stability (p. 196)
  8.8 The Convergence of Probability and Potential (p. 202)
  8.9 Summary (p. 204)

Part III: Security Risk Assessment and Management (p. 206)
Chapter 9: Threat Scenario Complexity (p. 207)
  9.1 Introduction to Complexity (p. 207)
  9.2 Background (p. 208)
  9.3 Complexity Combinatorics (p. 211)
  9.4 Information Entropy (p. 216)
  9.5 Estimates of Threat Scenario Complexity (p. 223)
  9.6 Complexity Metrics (p. 228)
  9.7 Temporal Limits on Complexity (p. 231)
  9.8 Managing Threat Scenario Complexity (p. 232)
  9.9 Summary (p. 234)
Chapter 10: Systemic Security Risk (p. 236)
  10.1 Introduction (p. 236)
  10.2 The Risk-Relevance of Assets and Time (p. 237)
  10.3 Spatial Distribution of Risk Factors: Concentration and Proliferation (p. 238)
    10.3.1 Concentration (p. 238)
    10.3.2 Proliferation (p. 239)
  10.4 Temporal History of Risk Factors: Persistence, Transience and Trending (p. 239)
    10.4.1 Persistence (p. 240)
    10.4.2 Transience (p. 241)
    10.4.3 Trending (p. 242)
  10.5 Summary (p. 243)
Chapter 11: General Theoretical Results (p. 245)
  11.1 Introduction (p. 245)
  11.2 Core Principles (p. 246)
  11.3 Random Threat Scenario Results (p. 248)
  11.4 Static and Dynamic Threat Scenario Results (p. 248)
  11.5 Complex Threat Scenario Results (p. 251)
  11.6 Summary (p. 253)
Chapter 12: The Theory, in Practice (p. 254)
  12.1 Introduction (p. 254)
  12.2 The Security Risk Management Process (p. 255)
  12.3 Applying the Theory (1): Information Security Threat Scenarios (p. 259)
  12.4 Applying the Theory (2): Password Cracking (p. 264)
  12.5 A Revised Fundamental Expression of Security Risk (p. 270)
  12.6 Testing for Encryption (p. 273)
  12.7 The Security Control/Risk Factor Ratio (C/R) (p. 273)
  12.8 Cost and Constraints in Security Risk Management (p. 274)
  12.9 Low Likelihood-High Impact Threat Scenarios (p. 275)
  12.10 Summary (p. 277)

Epilogue (p. 279)
Appendices (p. 282)
  Appendix 1: Random Walk Mean and Variance (p. 282)
  Appendix 2: Time and Ensemble Averages (p. 283)
  Appendix 3: Theory of Security Risk Assessment Summary Table (p. 285)