Threat Scenario Dependency-Based Model of Information Security Risk Analysis

Summary

The asset dependency paradigm can help us represent how risk on one asset depends on the relevant assets it relies on. This paper proposes an information security risk analysis model based on the threat-scenario dependency paradigm to represent asset dependency. The two current approaches to representing asset dependency, threat dependency and security dimension dependency, still have limitations in consistency and in formulating the role of controls in reducing risk. The proposed model improves the consistency of threat mapping and the formulation of the controls' roles in reducing the likelihood and degradation value of a threat.

Key words: Security Risk Analysis, Threat Scenario Dependency, Bayesian Network.

1. Introduction

Today, IT risk management is becoming more important [1], as shown by a recent survey by ISACA [3]. In general, we can classify the portfolio of IT risk into project risk, IT continuity risk, information asset risk, vendor and third-party risk, application risk, infrastructure risk and strategic risk [2]. This paper, however, focuses on system-level risk: the relation between technical risk (application, infrastructure and facility) and the business risk impacted by that technical risk. Risk analysis is part of the risk management cycle and consists of risk identification and risk estimation [4]. We need security risk management to assure that risk is mitigated adequately while considering business needs and organizational limitations. There are several standards and frameworks we can refer to for guidance on information security concepts and information security analysis approaches, such as ISO/IEC 27001, ISO/IEC 27002, ISO/IEC 27005, EBIOS, Mehari, Magerit, IT-Grundschutz and OCTAVE. We refer to those standards and frameworks in this paper. In a nutshell, current standards and frameworks provide adequate guidance on the main information security concepts such as asset, control, threat and vulnerability.
Those standards and frameworks also provide several alternatives for analyzing information security risk. But there are critical limitations in the current approach, especially in the security domain. First, security terminology is vaguely defined; this leads to confusion among experts as well as among the people who should be counseled and served [5]. Second, decisions are often made by managers who do not understand the depth and complexity of the underlying IT infrastructure and therefore base their decisions more on intuition than on a thorough cost/benefit analysis. IT security personnel are often not involved in the decision-making process, and if they are, they have a hard time explaining the complex situation to the decision makers in a proper way [5]. Third, today most companies choose to adopt existing standards rather than perform a thorough security threat analysis. That is more practical, though security managers still face difficulties when they must make a decision among the several scenarios within the chosen framework [6]. Because of those limitations, information security ontologies have been proposed. In general, we can classify information security ontologies into specific ontologies and global ontologies. Several previous studies have created specific ontologies in the security domain, such as Hecker's privacy ontology [7], Coma's context ontology [8] and Vorobiev's security attack ontology for web services [9]. Global ontologies provide all the main security concepts and their relations, such as those of Herzog et al. [10] and Ekelhart et al. [11]. Fenz et al., building on the Ekelhart ontology, then developed an information security analysis approach that uses a Bayesian network to represent threat-to-threat dependency [12]. This approach can improve the efficiency of the risk management cycle, because all the knowledge of security and IT architecture is stored in ontology format.

The next section discusses the asset dependency concept for information security risk analysis in more detail.
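The following is an added illustrative example, not the paper's model or code: a small Bayesian network over a constructed chain of threat scenarios (power outage, database server down, order service unavailable), each scenario conditioned on the one it depends on, with a control that lowers the likelihood of a scenario and another that lowers the degradation it inflicts on the dependent business asset. All probabilities, node names and the asset value are assumptions chosen for the demonstration.

```python
from itertools import product

# Constructed threat-scenario dependency network (assumed values, not from the paper).
# Each node lists the scenarios it depends on and a conditional probability table
# keyed by the tuple of parent states (True = the parent scenario occurs).
NETWORK = {
    "power_outage": {"parents": [], "cpt": {(): 0.05}},
    "db_server_down": {"parents": ["power_outage"],
                       "cpt": {(True,): 0.90, (False,): 0.02}},
    "order_service_unavailable": {"parents": ["db_server_down"],
                                  "cpt": {(True,): 0.95, (False,): 0.01}},
}
DEGRADATION = 0.8        # assumed loss fraction when the order service is unavailable
ASSET_VALUE = 100_000    # constructed monetary value of the order service asset


def marginal(network, node):
    """P(node occurs), by full enumeration over all joint states of the network.
    Dict insertion order is used as the topological order of the nodes."""
    names = list(network)
    total = 0.0
    for states in product([True, False], repeat=len(names)):
        assignment = dict(zip(names, states))
        if not assignment[node]:
            continue
        joint = 1.0
        for n in names:
            parent_states = tuple(assignment[p] for p in network[n]["parents"])
            p_true = network[n]["cpt"][parent_states]
            joint *= p_true if assignment[n] else 1.0 - p_true
        total += joint
    return total


def apply_likelihood_control(network, node, factor):
    """Model a control (e.g. a UPS on the database server) that scales the
    likelihood of `node` in every parent state. Returns a modified copy."""
    new = {k: {"parents": v["parents"], "cpt": dict(v["cpt"])} for k, v in network.items()}
    new[node]["cpt"] = {k: p * factor for k, p in new[node]["cpt"].items()}
    return new


def risk(network, node, degradation, asset_value):
    """Risk of the dependent asset = likelihood * degradation * asset value."""
    return marginal(network, node) * degradation * asset_value
```

Comparing `risk(NETWORK, ...)` with the same call on `apply_likelihood_control(NETWORK, "db_server_down", 0.5)`, or with a reduced `degradation` argument for a failover control, shows how a control placed on an upstream scenario propagates down the dependency chain to the business asset.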

[1] E. Jordan et al., Beating IT Risks, 2005.

[2] Tharam S. Dillon et al., Privacy Ontology Support for E-Commerce, IEEE Internet Computing, 2008.

[3] Edgar R. Weippl et al., Security Ontologies: Improving Quantitative Risk Analysis, 40th Annual Hawaii International Conference on System Sciences (HICSS'07), 2007.

[4] Gio Wiederhold et al., Knowledge bases, Future Generation Computer Systems, 1985.

[5] Jun Han et al., Security Attack Ontology for Web Services, SKG, 2006.

[6] Marc Donner et al., Toward a Security Ontology, IEEE Security & Privacy, 2003.

[7] Nahid Shahmehri et al., An Ontology of Information Security, International Journal of Information Security and Privacy, 2007.

[8] Ana R. Cavalli et al., Context Ontology for Secure Interoperability, Third International Conference on Availability, Reliability and Security, 2008.