Uncertainty and Risk Management in Cyber Situational Awareness

Handling cyber threats unavoidably requires dealing with both uncertain and imprecise information. What one can observe as potentially malicious activity can seldom give 100% confidence on the important questions one cares about, e.g. which machines are compromised and what damage has been incurred. In security planning, one needs information on how likely a vulnerability is to lead to a successful compromise in order to better balance security against functionality, performance, and ease of use. This information is at best qualitative and is often vague and imprecise. In cyber situational awareness, one has to rely on such imperfect information to detect real attacks and to prevent an attack from happening through appropriate risk management.