Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Risk Assessment

Published byWendy Sharp Modified over 5 years ago

Similar presentations

Presentation on theme: "Security Risk Assessment"— Presentation transcript:

1 Security Risk Assessment
Engineering Secure Software Security Risk Assessment

2 Why do we study risk? Many outcomes are possible, not all are probable
Enumeration Prioritization Discussion

3 Naïve Security Risk Assessment
The naïve approach Write down your worst fears for the system Try to avoid those things Cons Requires a big “bag of tricks” Easily overwhelming for security

4 What is risk? p(occurrence)*impact
The risk associated with an event is the probability that the event will happen times the impact magnitude of the event For the math-oriented… expected value Matches how people generally think Low p(occ), high impact … terrorist attacks, struck by lightning High p(occ), low impact … credit card theft, keeping my old truck unlocked © Andrew Meneely

5 What is security risk? p(exploit)*value of an asset p(exploit) Asset
The probability that an exploit will occur on your system Asset A [tangible or intangible] resource of the system that has value in confidentiality, integrity, availability

6 p(exploit) Increased by more vulnerabilities
Increased by a far-reaching vulnerability Increased by discoverable vulnerabilities …although you cannot rely on security through obscurity alone … Increased by scope of the project …although sometimes that is unavoidable… Other factors that we cannot control Market share  exposure New malicious actors (e.g. activism spike) Many, many other factors that we must ignore for the sake of simplicity Thus, we generally assume p(vulnerability) is proportional to p(exploit)

7 Assets Every software system has assets
Domain-specific e.g. patient records Domain-independent e.g. passwords Intangible properties e.g. availability These can be identified at the requirements and design stages Assets exist in the deployed system, so source code is not (necessarily) an asset

8 Places where assets live
Database tables Logs User-supplied data Sandboxing features Configuration files Built-in examples Configuration consoles Network traffic File systems Cookies Security feature inputs User interfaces

9 Risk Assessment in Process
From:

10 The Planning > The Plan
One of the most important elements of risk analysis is the process itself Discussions that are brought up Fighting over the mitigation strategies Communication is very important at this stage Assessing the change in risk is more sound than the final numbers New assets? Increased p(exploit)?

11 Abuse Cases vs. Risk Assessment
Abuse & Misuse Cases Involves planning Potentially infinite Emphasize domain Scenario-driven Originates from abusing functionality What if? Risk Assessment Involves planning Potentially infinite Emphasize all risks Quantitative Originates from CIA, assets, p(exploit) What might?

12 Protection Poker A combination of product & process risk
Trace stories to assets Quantify the risk for prioritization Ease of attack Value of the asset Discuss the elements of the risk Originally designed for agile processes Assumes we are in a sprint Not comprehensive, but just-in-time

13 Story Points Estimation
In PP, we use story points Dimensionless (unit-less) Should not translate to hours, effort, etc. Limited to a few choices Why argue over 51 vs. 50? Exponential in scale (~Fibonacci) Ease of attack ~ p(vulnerability)

14 Protection Poker in Action
Identify some assets Calibrate your asset values Calibrate your ease of attack For each item Trace the item to the assets affected Vote on affected asset values, as needed Vote on ease of attack Examine two rankings Ease*Max(value) Ease*Sum(value)

Download ppt "Security Risk Assessment"

Similar presentations

OCTAVESM Process 4 Create Threat Profiles

OCTAVESM Process 4 Create Threat Profiles
Ranking of security controlling strategies driven by quantitative threat analysis. Tavolo 2: Big data security evaluation UNIFI-CNR Nicola Nostro, Andrea.

Ranking of security controlling strategies driven by quantitative threat analysis. Tavolo 2: "Big data security evaluation" UNIFI-CNR Nicola Nostro, Andrea.
Engineering Secure Software. Does Security Even Matter?  At your table, introduce yourselves: Your name, degree, & app domain What is your favorite software.

Engineering Secure Software. Does Security Even Matter?  At your table, introduce yourselves: Your name, degree, & app domain What is your favorite software.
Engineering Secure Software. Uses of Risk Thus Far  Start with the functionality Use cases  abuse/misuse cases p(exploit), p(vulnerability)  Start.

Engineering Secure Software. Uses of Risk Thus Far  Start with the functionality Use cases  abuse/misuse cases p(exploit), p(vulnerability)  Start.
Engineering Secure Software. The Power of Source Code  White box testing Testers have intimate knowledge of the specifications, design, Often done by.

Engineering Secure Software. The Power of Source Code  White box testing Testers have intimate knowledge of the specifications, design, Often done by.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.

CST 481/598 Many thanks to Jeni Li.  Potential negative impact to an asset  Probability of a loss  A function of three variables  The probability.
Introducing Computer and Network Security

Introducing Computer and Network Security
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Engineering Secure Software. Risk Management  Beyond assessment Assess: Enumerate, Prioritize, Discuss Manage: Act on those discussions  Mitigate risk.

Engineering Secure Software. Risk Management  Beyond assessment Assess: Enumerate, Prioritize, Discuss Manage: Act on those discussions  Mitigate risk.
Engineering Secure Software. Why do we study risk?  Many outcomes are possible, not all are probable  Enumeration  Prioritization  Discussion.

Engineering Secure Software. Why do we study risk?  Many outcomes are possible, not all are probable  Enumeration  Prioritization  Discussion.
Let’s Play Poker: Effort and Software Security Risk Estimation in Software Engineering Laurie Williams 1 Picture from

Let’s Play Poker: Effort and Software Security Risk Estimation in Software Engineering Laurie Williams 1 Picture from
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Project Risk Management. The Importance of Project Risk Management Project risk management is the art and science of identifying, analyzing, and responding.

Project Risk Management. The Importance of Project Risk Management Project risk management is the art and science of identifying, analyzing, and responding.
Chapter 11: Project Risk Management

Chapter 11: Project Risk Management
Risk management in Software Engineering T erm Paper By By Praveenkumar Sammita Praveenkumar Sammita CSC532 CSC532.

Risk management in Software Engineering T erm Paper By By Praveenkumar Sammita Praveenkumar Sammita CSC532 CSC532.
Conostix S.A. Sensible defence.

Conostix S.A. Sensible defence.
Security Risk Assessment Applied Risk Management July 2002.

Security Risk Assessment Applied Risk Management July 2002.
Introducing Computer and Network Security. Computer Security Basics What is computer security? –Answer depends on the perspective of the person you’re.

Introducing Computer and Network Security. Computer Security Basics What is computer security? –Answer depends on the perspective of the person you’re.

Similar presentations

Ads by Google