CHAPTER 2
Preliminaries
2.1 SECURITY RISK ASSESSMENT
In the absence of budgetary constraints, it is not an effective strategy to simply implement
numerous random security measures. Without an understanding of the risks associated with the
platforms that host an organization's application, developing and implementing security
measures is futile and leads to inefficient utilization of limited security resources. Therefore,
addressing cyber security threats by formulating efficient and effective security measures is a
multi-step process which requires performing security requirements analysis, risk assessment,
risk management, and mitigation. These processes will also help organizations understand the
benefits of their investment in cyber security.
Security risk assessment lies at the crux of this multi-step process, enabling the
incorporation of organization-wide assessment to determine the security threats, vulnerabilities,
and their impact on network security parameters like confidentiality, integrity, and availability.
It also helps in prioritizing the risks that need to be addressed, thereby playing an important
role in aiding the allocation of security measures constrained by an organization's budget.
However, performing idealistic risk assessments for a large-scale organization can still be very
expensive and may produce results which might require considerable domain knowledge in order to
comprehend and generate useful insights. Therefore, the task of risk assessment is not trivial and
requires careful consideration. In the following sections, we discuss some of the many facets of
generic risk assessment methodologies.
2.1.1 RISK ASSESSMENT METHODOLOGIES
The process of security risk assessment is guided by identifying security requirements and
thereafter performing extensive evaluations of an organization's cyber security prospects. These
tasks involve assessing the network infrastructure for security threats due to vulnerabilities
that are present and the attacks that can exploit them. Risk assessment also enables the
evaluation of another important organizational asset—the people. Users of an application and an
organization's employees are also susceptible to different threats which can result in cyber
security incidents. These threats cannot be detected by running a vulnerability scanner tool on
the network, which further necessitates performing risk assessment. At the end, risk assessment
provides a detailed report on the threats confronted by an organization in different domains
(network, people, security policies, etc.). This can be used in the risk management and
mitigation process to either patch security vulnerabilities and prevent certain attacks or to
pro-actively
develop prioritized security incident response plans to minimize the effect of an exploit.
Therefore, risk assessment acts as an estimation and validation tool for an organization by
shedding light on security return on investment and providing feedback on implemented security
measures. This also helps organizations understand their cohesion with respect to best security
practices, compliance, and standards as laid down by regulatory bodies like NIST or ENISA.
Security Risk Assessment Process
The security risk assessment process is used to determine the strengths and weaknesses of an
organization's systems, identifying and minimizing threats below a threshold which is acceptable
as per the security requirements of the organization. An example of an organization's security
requirements could be ensuring a certain level of assurance in confidentiality, integrity,
and availability of their application and the data it processes. Risk assessment generally focuses
on evaluating the likelihood of an undesired event (e.g., a data breach or an unauthorized
access) and the impact it will have on the exploitation of the system and the organization as a
whole. Once this is evaluated, risk mitigation measures are designed and developed to minimize
the likelihood and impact of the risks. In broader terms, risk assessment can be used to identify
risks in different areas of an organization and not just those related to cyber security. For
example, traditional risk assessment in the domain of information security and IT security can be
used to evaluate systems and applications that support the functional services of an
organization, its network and servers, physical security of the devices and premises, and risks
present due to employees of the organization. The process of risk assessment is normally (and
must be) utilized during the conception of an IT service. Other than this, the addition of new
functionalities to an application/service, changes in the networking environment, and changes in
technology (software or hardware updates) should also prompt the utilization of the risk
assessment process.
The scope of attacks sustained by a WSN has been surveyed and discussed in [52, 53, 56].
The authors have assessed well-known sets of WSN attacks along with their countermeasures.
They did not, however, consider the attacks' impact on a network or the efficiency of the
countermeasures. In his survey on security issues of a WSN, Walter [38] established the parameters
based on which the security of a WSN is characterized. These parameters were confidentiality,
integrity, and availability. We are able to design the attack patterns from this information for
our work and analyze the attacks from a broader perspective. Analysis of various attacks adopted
by the adversary to exploit security parameters and ways in which they could be averted were also
discussed in [38], although it did not address the likelihood of exploitation of an attack.
Wood [57] and Xu [58] give an exposition on the omnipresent denial of service (DoS) attack. DoS
attacks are not only hard to predict but also hard to counter. This helped us in understanding the
nature of jamming attacks in WSNs. The absence of predictability and correlation with other
attacks in the case of a DoS attack is a drawback on the security administrator's part.
Karlof [59], Kannhavong [60], and Newsome [37] give an in-depth analysis on routing layer attacks
and the Sybil attack, respectively. However, these attacks can be exploited by successful
execution of attacks in different
network layers. For this purpose we should identify the interdependencies between different
feasible attacks. Mauw [61] and Phillips [50] demonstrated this kind of logical relationship
via attack graphs or trees. Using the principles from the work of Lee [62], we were able to
assess the risks to a network. The drawback was that they were for a wired network scenario.
Sheyner [49] discussed the various types of attack graphs and models. This contributed
immensely toward the development of the attack graph model for WSN. Gallon [63] devised
the methods to quantitatively assess the attack nodes in the attack graph, although they were not
meant for a WSN. The National Vulnerability Database [44] established the vectors to calculate the
severity ratings of vulnerabilities in a wired network. Using the same principles, we calculated
the severity ratings for the attacks on WSN. Frigault [45] gave insight on implementing attack
graphs as a Bayesian network. This gave us a better understanding of the adversary's capability,
likelihood, and impact of attacks for various attack scenarios. Dantu [64] and Liu [65]
analyzed attacks by assigning probability values to the attack graph nodes. Furthermore, using
the concepts of Bayesian networks on these probability values, they calculated potential attack
paths and modeled network vulnerabilities. Nevertheless, these computations were not for an
attack scenario of a WSN and as such could not be applied to the proposed attack graphs for a
WSN. Houmb [46] proposed the methodologies of risk level estimation using the exploitation
frequency and impact of vulnerabilities in a wired network. We adopted these concepts to identify
the metrics necessary to compute the net threat level to the root node of our attack graph when
it is represented as a Bayesian network. This gave a degree of diversification and uniqueness to
the WSNs with respect to quantitatively analyzing our attack graphs and using the results to
estimate the maintenance period for the largely unattended WSNs.
Organizations must follow through with the creation of risk assessment policies which
outline a blueprint to guide the assessment process to be carried out. Such a blueprint consists
of guidelines establishing factors such as the following.
• When does an organization need to perform risk assessment?
• How often should it be repeated?
• What will be the scope of risk assessment (how comprehensive it is going to be)?
• Who will be in charge of carrying out the task (internal or third party)?
• What is expected from it (actionable insights)?
• Prioritizing risk levels (what sort of risks will be acceptable and which ones will be deemed
  critical).
• What methods will be used to perform risk assessment (qualitative, quantitative or hybrid)?
The risk assessment process, an exhaustive task, is initiated with the risk assessment policies
document. It helps in defining the scope of the task and appointing personnel who will be
responsible for carrying it out. Thereafter, risk assessment procedures are chosen (or developed)
and a list of threats is identified, which is followed up with identifying vulnerabilities. In
this context, a Threat is defined as an unwanted event that may cause harm; Vulnerability is
defined as a weakness which may provide a way for a threat to materialize; Impact is defined as
the consequence(s) of a threat that has materialized. After vulnerability identification,
security measures are determined and evaluated which might either help to mitigate, transfer
(getting insurance policies), or avoid the threat and its impact. Thereafter, all the
aforementioned information is used to estimate probability values which will depict the
likelihood of occurrence of the threat in the presence of evaluated security measures. This is
generally done either by using experts with domain knowledge, historical logs of threats, or
statistical analysis. For prioritizing, the estimated probability can be further categorized as
Very likely, Isolated incidents, Rare, Very unlikely, and Almost impossible. These
categorizations are subjective and typically depend on the organization and their risk assessment
policies, and are followed up with sensitivity analyses like Monte Carlo analyses.
Once probabilities are estimated, the damage is quantified in terms of the impact of the
identified threats when they exploit the vulnerabilities. This is followed up with risk level
estimations, where the risk level is defined by the threat multiplied by its likelihood and impact
probabilities. Although organizations like NIST have a scale for categorizing risk levels (e.g.,
1.0: High, 0.5: Medium, 0.1: Low), it is a challenging task to be able to quantify and categorize
risk levels based on monetary loss or loss of reputation. After risk level estimations, security
measures are re-evaluated and suggested for implementation, and these are presented in the
reports generated from the risk assessment process.
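The likelihood-times-impact estimate and the Monte Carlo sensitivity analysis mentioned above, as an added Python example that is not from the book. The threat names, likelihood ranges, impact values, and the choice of uniform sampling are constructed assumptions.

```python
import random

# Constructed risk register: (threat, expert likelihood range, impact on a 0-1 scale).
# Every name and number here is an illustrative assumption, not a value from the text.
REGISTER = [
    ("phishing of employees",    (0.30, 0.70), 0.5),
    ("unpatched web server",     (0.10, 0.50), 0.9),
    ("physical theft of device", (0.01, 0.05), 0.4),
]

def risk_level(likelihood, impact):
    """Point estimate: likelihood of the threat multiplied by its impact."""
    return likelihood * impact

def monte_carlo(register, trials=20000, seed=7):
    """Sample each likelihood uniformly from its range and summarise the risk levels.

    Returns {threat: {"mean", "p05", "p95", "top_share"}}, where top_share is the
    fraction of trials in which that threat had the highest risk level."""
    rng = random.Random(seed)
    samples = {name: [] for name, _, _ in register}
    top = {name: 0 for name, _, _ in register}
    for _ in range(trials):
        draw = {name: risk_level(rng.uniform(lo, hi), impact)
                for name, (lo, hi), impact in register}
        for name, value in draw.items():
            samples[name].append(value)
        top[max(draw, key=draw.get)] += 1
    summary = {}
    for name, values in samples.items():
        values.sort()
        summary[name] = {
            "mean": sum(values) / trials,
            "p05": values[int(0.05 * trials)],
            "p95": values[int(0.95 * trials)],
            "top_share": top[name] / trials,
        }
    return summary

if __name__ == "__main__":
    ranked = sorted(monte_carlo(REGISTER).items(), key=lambda kv: -kv[1]["mean"])
    for name, s in ranked:
        print(f"{name:26s} mean={s['mean']:.3f} "
              f"90% interval=[{s['p05']:.3f}, {s['p95']:.3f}] "
              f"ranked first in {s['top_share']:.0%} of trials")
```

With these inputs the two leading threats have nearly equal mean risk levels, and the one with the higher mean is ranked first in only a little over half of the trials, which is the kind of instability a single point estimate hides when priorities are set.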
For traditional risk assessment, many tools are available [47, 48]; however, any tool developed
for carrying out risk assessment should have some of the following features:
• structured report generation to show the risk probabilities and their impacts,
• questionnaires and checklists to assess concerns related to compliance, policies, and best
  practices,
• a list of threats and security measures that can be used to suppress them, and
• software automation.
Qualitative vs. Quantitative Risk Assessment
Risk assessment involves the comprehensive identification of different threats an organization
will face and evaluating their likelihood and impact. There are two primary methods of doing
this: qualitative and quantitative. Qualitative risk assessment involves subjectively evaluating
the identified risk's impact or likelihood using metrics like High, Medium, or Low. The
categorization of the identified risks is usually done based on organizational policies and their