Definition of indicators and metrics for security risk analysis
The Cyber CNI Chair is exploring a number of approaches to designing a method for the improvement of current risk analysis techniques. The premise is that corporate financial evaluation tools can be used to construct a decision-making support model based on category-ordered and ranked security metrics.
Once the security diagnostic has been correctly generated by reliable detection technologies, the analysis work can begin. This involves systematically and accurately assessing the impact of the intrusion, then determining whether the system under surveillance has been deliberately targeted, and finally automatically producing the counter-measures required to secure the system. However, this objective can only be achieved if “relevant” metrics have been determined to analyse the impact of the intrusion.
The Cyber CNI Chair has therefore defined an ontology – a methodological framework for the study of general properties – applied to security metrics. This can be used to determine both the “quality” and the “relevance” of specific metrics. The ontology is both robust and reliable because it is based on models used in financial assessment, the sector that pioneered risk analysis. Using this theoretical framework, the Cyber CNI Chair is developing a decision-making model that can be applied to security events and can prioritise the necessary counter-measures. Security policies can therefore be more easily updated to improve their intrusion detection effectiveness.
Several experiments are currently under way. In order to test and improve this innovative model, the experimental phase is not restricted to traditional information systems and is being extended to industrial control systems.