TDDD36 Secure Mobile Systems Risk Analysis and Risk Assessment Process

TDDD36 Secure Mobile Systems
Risk Analysis and Risk Assessment Process
Leonardo Martucci
Security and Networks Group, ADIT
Department of Computer and Information Science
In this lecture
- What is Risk Analysis? (how to describe risk)
- Risk Assessment Process: What? Who? How?
- Risk Analysis and Risk Analysis Methods
2/43
What is Risk?
Risk is related to future events and their consequences.
- "we don't know much about this or that": UNCERTAINTY
- understanding that uncertainty: RISK ANALYSIS
3/43
Example: Bow-tie Diagram
Future events and consequences, read from left to right:
- Causes that lead to A
- Barriers and mitigation (between the causes and A)
- A: Hazard or Threat (the central event)
- Mitigation of consequences
- Consequences of A
4/43
Example: Bow-tie diagram
A real case scenario
- Causes: "I really like my teachers", "the chairs are too comfortable", leading to not doing your project work and not attending the tests
- Barrier: pay attention
- A: NOT passing this course
- Consequences of A: one more year in Linköping, being grounded by parents, ...
- Mitigation of consequences: redo the project
5/43
Risk Analysis in the Big Picture
Security Management Process
  > Security Risk Assessment Process
    > Risk Analysis
Other parts of the Security Management Process: Operational Security, Testing, Auditing
6/43
Who is responsible?
The Information Security Manager:
- prevent loss, fraud and data breaches
- demonstrate regulation compliance
- manage security policies
- ensure business continuity (+ disaster response)
- prioritize security initiatives
7/43
Information Security Manager FAQ
? Given your limited resources, are you confident that your initiatives are addressing the largest security risks to your organization's assets?
? How do you demonstrate to management that your initiatives are addressing the largest security risks to your organization's assets?
! Risk Assessment: the basis for making security decisions
8/43
What is Risk Assessment?
The determination of the probability of asset losses, based on:
- asset valuation,
- threat analysis, and
- a review of the effectiveness of current security controls
Risk Assessment (also called Risk Analysis* or Risk Evaluation)
more at NIST 800-30 Risk Management Guide and ISO 27001/2
9/43
Risk Assessment and the Big Picture
Security Management Process: the process of ensuring that risk is within acceptable bounds
Its parts: Security Risk Assessment, Risk Mitigation, Operational Security, Test and Review
10/43
Risk Assessment and the Big Picture
- Security Risk Assessment: threats / likelihood, vulnerabilities / exploits, assets / impacts, risks / countermeasures
- Risk Mitigation: safeguard implementation, additional controls
- Operational Security: patches, incident handling, training
- Test and Review: scanning, audit of controls
11/43
The 6 Phases of the Security Risk Assessment Process
1. Project Definition
2. Project Preparation
3. Data Gathering
4. Risk Analysis
5. Risk Mitigation
6. Risk Reporting and Resolution
Other labels in the overview figure: Planning; Administrative, Technical and Physical (the control categories examined); Risk Evaluation; Risk Assessment
13/43
Phase 1: Project Definition
Objective: define the scope and content of the deliverables
- Cost and time (budget and time constraints)
- Divide the project into manageable tasks
- Resources
- Security Risk Assessment objective
15/43
Phase 2: Project Preparation
Team preparation AND selection: objectivity, expertise, experience
Project preparation: pre-arrangements
Understand the organization: its objectives
Identify: critical systems, assets, threats, security expectations
16/43
Phase 3: Data Gathering
Determine the status of existing security controls:
- Administrative
- Physical
- Technical
? How?
! A combination of data collection, testing and analysis
17/43
Phase 4: Risk Analysis and Evaluation
Review all the information collected and analyze the security risk
-> RISK ANALYSIS METHODS
20/43
Phase 5: Risk Mitigation
Reduce the risks to an acceptable level
Recommendation for safeguards: threats and vulnerabilities -> safeguards and their cost
Define and compare solution sets (A, B, C) by cost and risk reduction
22/43
Phase 6: Risk Reporting and Resolution
Report and presentation of recommendations
Target audience: Executive Management, Technical personnel, Information Security Manager
Decision-making: risks are avoided or mitigated, delegated, or accepted
23/43
An introduction to RISK ANALYSIS AND RISK ANALYSIS METHODS
25/43
Recapitulating
Risk is related to future events and their consequences: UNCERTAINTY
How to express UNCERTAINTY?
26/43
Recapitulating
Risk is related to future events and their consequences
Bow-tie: causes that lead to A | barriers and mitigation | A: hazard or threat | mitigation of consequences | consequences of A
i.e. causes, countermeasures and mitigators
27/43
How To Express Uncertainty?
Based on knowledge (K), associate an event (A) with a probability (P): P(A|K)
A: NOT passing this course, P(A|K) = 0.05
B (consequence): being grounded by parents, P(B|A,K) = 0.01
28/43
Defining Risk in Terms of Probabilities
A set of probabilities P associated with a set of consequences C, in relation to the severity of C
BUT: NOT a perfect tool. The knowledge base (K) contains uncertainties and assumptions (being grounded by parents !!!)
29/43
Events, Causes and Consequences
Identification of Initial Events
- Different systems, different sets of events
- Requires a structured, systematic strategy: different techniques, usually based on brainstorming, checklists, guides
Inputs to the event identification process: other analyses, experience, data gathering, assumptions, ...
Output: a list of events, fed into the risk analysis method
30/43
Events, Causes and Consequences
Cause Analysis
- Identify event triggers
- Requires in-depth understanding of the system: different methods (brainstorming, fault trees, etc.)
Bow-tie: causes that lead to A -> A: hazard or threat -> consequences of A (cause -> event)
31/43
Events, Causes and Consequences
Consequence Analysis
- Evaluate possible consequences of an event A: analysis of barriers and barrier failures
- Different methods for barrier analysis, e.g. event trees (event -> consequence)
32/43
Risk Analysis Methods
They differ on: level of detail and required effort, target system
- Coarse Risk Analysis
- Job Safety Analysis
- FMEA
- Fault Tree Analysis
- Event Tree Analysis
- HAZOP
- SWIFT
- Ishikawa Diagrams
- Bayesian Networks
- Monte Carlo Simulation
- CORAS
(this list is not comprehensive!)
33/43
Coarse Risk Analysis (Preliminary Risk Analysis)
Provides: a crude risk picture with a modest effort
It covers: initial events, causes and consequences
How it works: often with forms
- Divide the system into sub-elements and carry out a risk analysis for each sub-element
- Classify risks under categories; attribute probabilities and consequences
- Identifies the most important risk contributors
34/43
Job Safety Analysis
Risks associated with a work assignment; usually based on checklists
How it works:
- Classify the activity: standard or not
- Identify conflicts between activities (e.g. a Paint Station next to a Weld Station)
- Evaluate work steps and possible risks
35/43
Failure Modes and Effects Analysis (FMEA)
Simple analysis that reveals possible failures and predicts their effects on the system
How it works: systematic inductive method
- For each system component, investigate what happens if it fails
- Considers one component failure at a time: not suitable for critical combinations of components
- FMEA forms
One of the most renowned risk analysis models
36/43
FMEA Advantages and Disadvantages
Advantages include:
- Systematic view of important failures
- Good basis for more comprehensive analysis
Disadvantages include:
- Focus on technical failures; human failures overlooked
- Can be unsuitable for systems with much redundancy
- Resource demanding: all components are analyzed (!)
37/43
Fault Tree Analysis
One of the most used risk analysis methods, from the aerospace industry (Minuteman) to nuclear power plants
How it works: deductive logical tree
- Describes relations between system failures (events) and failures of components of a system
- Undesirable event at the top; component failures or human errors at the bottom (basic events)
- Connected with logical gates
38/43
Fault Tree Analysis
Deductive analysis: starting from the top event, ask "How can this happen?" or "What are the causes?"; STOP when the desired level of detail is reached
- Can identify failure combinations
- Probabilities can be estimated: occurrence of the top event, importance of basic events
39/43
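Worked example, added here and not part of the lecture: a small fault tree for a mobile-device scenario, evaluated in Python. It shows the three things the slides say a fault tree gives you: the failure combinations (minimal cut sets, which is what the single-failure FMEA above cannot find), the probability of the top event, and the importance of each basic event. The tree, the event names and all probabilities are constructed for illustration and assume the basic events are independent.

```python
from itertools import product

# Constructed basic events with assumed (independent) occurrence probabilities; illustrative values only.
BASIC_EVENTS = {
    "device_lost": 0.10,             # phone lost or stolen
    "no_screen_lock": 0.30,          # user disabled the screen lock
    "malware_installed": 0.02,       # a malicious app got onto the device
    "sandbox_bypass": 0.05,          # that app escapes its sandbox
    "backup_unencrypted": 0.20,      # cloud backup stored without encryption
    "backup_server_breached": 0.01,  # backup storage compromised
}

# Hypothetical top event: "customer data on the phone is read by an unauthorised party".
# A node is either a basic-event name or (gate, [children]) with gate "AND" or "OR".
FAULT_TREE = ("OR", [
    ("AND", ["device_lost", "no_screen_lock"]),
    ("AND", ["malware_installed", "sandbox_bypass"]),
    ("AND", ["backup_unencrypted", "backup_server_breached"]),
])


def evaluate(node, state):
    """Boolean evaluation of the tree; state maps each basic event to True (occurred) or False."""
    if isinstance(node, str):
        return state[node]
    gate, children = node
    results = [evaluate(child, state) for child in children]
    return all(results) if gate == "AND" else any(results)


def _states(names):
    """Yield every combination of basic-event outcomes as a dict (2^n states; fine for small trees)."""
    for bits in product((False, True), repeat=len(names)):
        yield dict(zip(names, bits))


def top_event_probability(tree, probs):
    """Exact P(top event) under the independence assumption, by enumerating all basic-event states."""
    total = 0.0
    for state in _states(list(probs)):
        if evaluate(tree, state):
            p = 1.0
            for name, occurred in state.items():
                p *= probs[name] if occurred else 1.0 - probs[name]
            total += p
    return total


def minimal_cut_sets(tree, probs):
    """The failure combinations: smallest sets of basic events that alone bring the top event about."""
    cut_sets = [frozenset(n for n, occurred in state.items() if occurred)
                for state in _states(list(probs)) if evaluate(tree, state)]
    minimal = [s for s in cut_sets if not any(other < s for other in cut_sets)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def birnbaum_importance(tree, probs, event):
    """Importance of a basic event: P(top | event certain) - P(top | event impossible)."""
    certain = dict(probs, **{event: 1.0})
    impossible = dict(probs, **{event: 0.0})
    return top_event_probability(tree, certain) - top_event_probability(tree, impossible)


def rank_by_importance(tree, probs):
    """Basic events ordered from the one whose reduction helps most to the one that helps least."""
    return sorted(probs, key=lambda e: birnbaum_importance(tree, probs, e), reverse=True)


if __name__ == "__main__":
    print(f"P(top event) = {top_event_probability(FAULT_TREE, BASIC_EVENTS):.5f}")
    for cs in minimal_cut_sets(FAULT_TREE, BASIC_EVENTS):
        print("cut set:", sorted(cs))
    print("basic events by importance:", rank_by_importance(FAULT_TREE, BASIC_EVENTS))
```

The importance ranking is what turns the tree into a mitigation decision: with these constructed numbers the screen lock's absence is not the most important event even though it is the most frequent, because the top event also depends on the device being lost; the ranking tells the analyst which basic event's probability is worth driving down first. The exhaustive enumeration is exact but exponential in the number of basic events; real trees use cut-set algorithms instead.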
Event Tree Analysis
Used to study the consequences of an event
- Provides a picture of possible scenarios
- Provides probabilities linked to event sequences
An event tree with YES or NO answers: initiating event A, then barrier B / not B, then barrier C / not C, with outcomes Y0, Y1, Y2
- Best and worst scenarios
- Tree leaves are the costs; can accommodate multiple outcomes
40/43
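Worked example, added here and not part of the lecture: the YES/NO event tree above in Python, with initiating event A and barriers B and C. It produces the risk picture the earlier slides define (a set of probabilities P attached to consequences C), the best and worst scenario, the expected cost, and the risk reduction of a mitigation option, which is the comparison Phase 5 asks for. P(A|K) = 0.05 reuses the value from the lecture's own example; the barrier names, their success probabilities and the leaf costs are constructed.

```python
P_A = 0.05  # P(A|K): the initiating event occurs (value from the lecture's example)

# Barriers in the order they are challenged, with P(barrier works | it is reached). Constructed values.
BARRIERS = [
    ("B: screen lock holds", 0.90),
    ("C: remote wipe succeeds", 0.80),
]

# Cost of each outcome (tree leaves), constructed. Y_k is reached after k barriers failed in a row.
COSTS = {
    "Y0": 0.0,        # B works: nothing lost
    "Y1": 1_000.0,    # B fails, C works: device replaced, data wiped in time
    "Y2": 50_000.0,   # B and C fail: data breach
}


def sequences(p_init, barriers):
    """Enumerate the event sequences. A sequence ends as soon as a barrier answers YES (works);
    outcome Y_k is reached after k consecutive NO answers. Returns {outcome: (probability, path)}."""
    outcomes = {}
    p_path, path = p_init, ["A"]
    for k, (name, p_works) in enumerate(barriers):
        outcomes[f"Y{k}"] = (p_path * p_works, path + [f"{name}: YES"])
        p_path *= 1.0 - p_works
        path = path + [f"{name}: NO"]
    outcomes[f"Y{len(barriers)}"] = (p_path, path)  # every barrier failed
    return outcomes


def risk_picture(outcomes, costs):
    """The risk as the lecture defines it: a (probability, consequence) pair per outcome."""
    return {name: (p, costs[name]) for name, (p, _) in outcomes.items()}


def expected_cost(outcomes, costs):
    """Probability-weighted cost over all leaves."""
    return sum(p * costs[name] for name, (p, _) in outcomes.items())


def best_and_worst(outcomes, costs):
    """Best and worst scenario among the outcomes that can actually occur (probability > 0)."""
    reachable = [name for name, (p, _) in outcomes.items() if p > 0]
    return min(reachable, key=costs.__getitem__), max(reachable, key=costs.__getitem__)


def risk_reduction(p_init, barriers_before, barriers_after, costs):
    """Expected-cost reduction of a mitigation option, for comparing solution sets as in Phase 5."""
    before = expected_cost(sequences(p_init, barriers_before), costs)
    after = expected_cost(sequences(p_init, barriers_after), costs)
    return before - after


if __name__ == "__main__":
    tree = sequences(P_A, BARRIERS)
    for name, (p, path) in tree.items():
        print(f"{name}: P = {p:.5f}, cost = {COSTS[name]:>8.0f}, path = {' -> '.join(path)}")
    print("risk picture:", risk_picture(tree, COSTS))
    print("expected cost:", expected_cost(tree, COSTS))
    print("best / worst:", best_and_worst(tree, COSTS))
    improved = [BARRIERS[0], ("C: remote wipe succeeds", 0.95)]  # hypothetical more reliable wipe
    print("risk reduction from improving C:", risk_reduction(P_A, BARRIERS, improved, COSTS))
```

The probabilities of the leaves sum to P(A|K), since the tree only partitions what happens after A. Because the leaves carry costs, the same function can compare two candidate safeguards on equal terms (expected cost avoided versus price), which is exactly the solution-set comparison of Phase 5; it does not remove the caveat from slide 29, since every number in the tree still comes from the knowledge base K and its assumptions.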
Summary: What you should know by now
- What Risk is
- What Risk Analysis is and how it fits in the big picture: the Risk Assessment Process
- There are multiple Risk Analysis Methods, with different goals and required effort
41/43
Recommended Reading
Literature:
- Terje Aven, Risk Analysis: Assessing Uncertainties beyond Expected Values and Probabilities, Chapters 1 to 6
- Douglas J. Landoll, The Security Risk Assessment Handbook, Second Edition, Chapters 1 and 2
42/43