Published by Daniel Carter. Modified over 9 years ago.
1
Models of Information Security Analysis
CERT Centers, Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA 15213-3890
SEI is sponsored by the U.S. Department of Defense
© 2000 by Carnegie Mellon University 95-752:8-1
2
© 2002 by Carnegie Mellon University Model - 2
Outline
- Definitions
- Analysis framework
- Cautionary factors
- Sample analysis
3
Definitions
- Trend:
  1. to extend in a general direction: follow a general course or veer in a new direction
  2. to show a tendency, for example, to incline or trend upwards or to become deflected or shift
- Trend analysis: search for patterns over time in order to identify the ways in which they change and develop, veer in new directions, or shift
- Incident: any event that harms security at one or more sites
4
Analysis Framework
- Types of trends
- Sources of data
- Interpretation of results
5
Types of Trends
- Internal and External patterns
- Temporal trends
- Spatial trends
- Associational trends
- Compound trends
6
Sources of Data
- CERT/CC Data
  - Year 2000: 21,756 incidents reported to CERT/CC
  - Year 2001 (Q1): 7,457 incidents reported to CERT/CC
  - Profiled 1654 incidents, all active during July 2000 - Feb 2001 (plus some preliminary June data)
- Open Source Data:
  - Web page defacement mirrors
  - Lexis/Nexis
  - Full disclosure sites
  - Social data
7
Limits of Trending
- Inherently partial data
- Baseline in dynamic environment
- Correlation vs. Causation
- Implications
  - Need to be cautious in kinds of conclusions
  - Consider strategies for dealing with trends gone wrong
8
Internal Pattern: Staged Attack
[Figure: stages labeled 1, 2, 3]
9
External Pattern: Tool Development
[Figure labels: Intruder 1, Intruder 2, Analysts]
10
Temporal Trend
[Figure labels: Defenders, Intruders]
11
Vulnerabilities in Incidents
12
Service Shifts
13
Analysis Process
- Incident Information Flow
- Identify Profiles and Categories
- Isolate Variables
- Identify Data Sources
- Establish Relevancy
- Identify Gaps
14
Conclusions
- Typifying trends simplifies interpretation
- Clarification of goals
- Identification of relative importance of characteristics
- Understanding cyber security is growing in importance