DataDrivenInvestor
Dec 22
From a data science perspective
McKinsey estimates that, at the current growth rate, cyberattacks will cause annual damage of $10.5 trillion by 2025. Already today, according to IBM, an average data breach in the US costs $9.5 million.
Cybersecurity risk is one of the fastest-growing digital industries, where the data science toolkit saves millions from day one. This intro elaborates the cybersecurity risk assessment framework from a data science perspective. Starting with the definition of risk, we will build an intuition for using a Bayesian modelling mindset to address practical challenges.
Of course, when risks are identified, they have to be managed. But in order to manage risks effectively, they need to be calculated and prioritized first. Without risk assessment, organizations couldn’t focus on the really important things and, given a limited budget, could leave critical assets unprotected.
By definition, risk is an expected negative impact. The word “expected” indicates that we try to predict the future and operate with uncertainty. In mathematical terms it means we have a random variable Impact, which takes different possible values when bad events happen (risk scenarios are realized). And the expected value of this random variable is called risk.
An event can be something complex, e.g., a data breach via an unsecured API in a cloud infrastructure, but for our purposes it translates into a combination of threats and vulnerabilities.
Threat Analysis and Vulnerability Assessment are designated activities conducted at different levels (worldwide, country, organization, network perimeter, application, etc.). For instance,
By modelling risks we mean estimating a probability distribution of the impact.
According to the definition of expected value, we operate in a universe of all possible events, i.e., all combinations and dependencies between different threats and vulnerabilities are possible.
How do we handle all this real-world complexity? This is the moment when Subject Matter Experts (SMEs) in cybersecurity reveal the truth or heuristics about the universe of events. For instance, they can tell you that, without losing much accuracy, you can model some threats independently, or that the vulnerability of one asset doesn’t influence another asset’s vulnerability, etc. In other words, SMEs will provide realistic assumptions that simplify the estimation of the Impact probability distribution, i.e., P(Impact) = P(Threat & Vulnerability). Selected examples of such assumptions are below:
Once the assumptions about the impact probability distribution have been made, it is time to estimate the distribution with the data. The motivation for the modelling approach comes from the fact that data points are rare by design: we don’t want any risks to be actually realized.
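The following sketch is an added example, not code from the article. It shows why a Bayesian estimate behaves better than raw frequencies when events are rare: SME beliefs are encoded as Beta priors, updated with a handful of observations, and combined under the independence assumption into an expected annual loss. The priors, observation counts, per-year framing and all names are constructed for illustration.

```python
import random
from dataclasses import dataclass

@dataclass(frozen=True)
class Beta:
    """Beta(a, b) belief about an unknown probability."""
    a: float
    b: float

    def update(self, hits: int, trials: int) -> "Beta":
        # Conjugate Bayesian update for yes/no observations.
        return Beta(self.a + hits, self.b + trials - hits)

    @property
    def mean(self) -> float:
        return self.a / (self.a + self.b)

def expected_risk(threat: Beta, vuln: Beta, mean_loss: float) -> float:
    # SME assumption: threat and vulnerability are modelled independently,
    # so P(event) = P(threat) * P(vulnerability exploited | threat).
    return threat.mean * vuln.mean * mean_loss

def risk_quantile(threat, vuln, mean_loss, q=0.95, n=20000, seed=0):
    # Propagate parameter uncertainty: sample both posteriors, take the q-quantile.
    rng = random.Random(seed)
    draws = sorted(rng.betavariate(threat.a, threat.b)
                   * rng.betavariate(vuln.a, vuln.b) * mean_loss
                   for _ in range(n))
    return draws[int(q * (n - 1))]

# Constructed inputs (assumptions, not data from the article).
MEAN_LOSS = 9_500_000        # USD; reuses the article's average-breach cost as severity
threat_prior = Beta(2, 8)    # SME prior: an attack attempt in about 1 year out of 5
vuln_prior = Beta(1, 9)      # SME prior: about 1 attempt in 10 would succeed
threat_post = threat_prior.update(hits=1, trials=5)   # 5 years observed, 1 with an attempt
vuln_post = vuln_prior.update(hits=0, trials=20)      # 20 penetration tests, none succeeded

# Raw frequencies report zero risk because no successful exploit was ever observed.
naive = (1 / 5) * (0 / 20) * MEAN_LOSS
bayes = expected_risk(threat_post, vuln_post, MEAN_LOSS)
upper = risk_quantile(threat_post, vuln_post, MEAN_LOSS)

if __name__ == "__main__":
    print(f"naive: {naive:,.0f}  bayesian: {bayes:,.0f}  95% upper: {upper:,.0f}")
```

The frequency estimate collapses to zero after twenty clean tests, while the posterior keeps a small, non-zero exploit probability that shrinks as more evidence arrives.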
In order to decide which risk mitigation strategy to choose, an organization estimates how particular risk mitigation measures change the vulnerability profile and reduce the risk. The question is critical because risk reduction does not come for free. By modelling residual risk (after measures were applied), risk managers solve an optimization problem with constraints: what measures mitigate the risk to a given risk tolerance level so that costs do not exceed the given budget.
Moreover, game-theoretical aspects should not be ignored. For instance, if hackers become aware of particular mitigation measures, it might decrease the probability of a threat addressing the vulnerability covered by those measures.
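The constrained optimization over mitigation measures described above can be written down directly for a small catalogue. This is an added example, not code from the article: the measure names, costs and reduction factors are constructed, and it assumes each measure scales the exploit probability independently of the others.

```python
from itertools import combinations

# Constructed catalogue: name -> (annual cost in USD,
#                                 factor applied to P(vulnerability exploited)).
MEASURES = {
    "mfa":       (20_000, 0.40),
    "waf":       (35_000, 0.60),
    "api_authz": (50_000, 0.30),
    "training":  (10_000, 0.90),
}

def residual_risk(base_risk, chosen):
    # Assumption: measures act independently, so their factors multiply.
    risk = base_risk
    for name in chosen:
        risk *= MEASURES[name][1]
    return risk

def cheapest_plan(base_risk, tolerance, budget):
    """Return (cost, residual_risk, measures) for the cheapest feasible set,
    or None when no set meets the tolerance within the budget."""
    best = None
    names = sorted(MEASURES)
    for k in range(len(names) + 1):
        for combo in combinations(names, k):
            cost = sum(MEASURES[n][0] for n in combo)
            if cost > budget:
                continue                      # budget constraint
            residual = residual_risk(base_risk, combo)
            if residual > tolerance:
                continue                      # risk tolerance constraint
            if best is None or (cost, residual) < best[:2]:
                best = (cost, residual, combo)
    return best

if __name__ == "__main__":
    # Constructed scenario: 100k expected annual loss, 15k tolerance.
    print(cheapest_plan(100_000, tolerance=15_000, budget=80_000))
    print(cheapest_plan(100_000, tolerance=15_000, budget=60_000))
```

Exhaustive search is fine for a handful of measures; a larger catalogue turns this into a knapsack-style problem that needs an integer programming solver.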
Cybersecurity risk management is vital for a modern organization. Risk assessment is the cornerstone of the risk management process, which distinguishes winners from losers. It has many modelling challenges, and organizations overcome them by applying realistic assumptions to simplify calculations. Risk mitigation strategy is the outcome of the risk modelling exercise, incorporating the costs of the risk reduction activities.
Due to the fast-changing cybersecurity environment, this process is usually semi-automated and active 24/7 with the help of real-time security risk monitoring systems. Implementation and maintenance of such a system is an important but challenging task. However, only by moving this way can organizations take the risks under control.
The good news is that the majority of the risk modelling challenges can be addressed with existing data science and machine learning methods.
Data Scientist at Avanade; linkedin.com/in/kirill-tsyganov
