Mason Archival Repository Service

Hybrid Security Risk Assessment Model

Show simple item record

dc.contributor.advisor Jones, James Jr
dc.contributor.author Banks, Robert E
dc.creator Banks, Robert E
dc.date 2020-12-04
dc.date.accessioned 2021-09-28T11:48:08Z
dc.identifier.uri http://hdl.handle.net/1920/12081
dc.description This dissertation has been embargoed for 2 years. It will not be available until December 2022 at the earliest. en_US
dc.description.abstract Current cybersecurity risk models are inadequate for assessing next-generation technologies. Current models often use experience-based data to quantify the potential risks of new security technologies based on their exploitability and impact. However, use of such data may be limited and is rarely reusable because it often contains confidential or proprietary information. I propose an improved risk model constructed from public data and represented as a set of probabilistic models. The proposed Hybrid Security Risk Assessment Model uses the Department of Homeland Security's public National Vulnerability Database (NVD) for information on known vulnerabilities, and MITRE’s public Common Attack Pattern Enumeration and Classification (CAPEC™) tools as the basis of a risk scoring system. I developed Bayesian Belief Networks (BBN) to generate probabilities within this risk management system to assess new technologies for critical infrastructure use cases. The Hybrid Security Risk Assessment Model enables a more accurate and trustworthy way of quantitatively estimating the vulnerability and weakness-based risk of new technologies using publicly available data. en_US
dc.language.iso en en_US
dc.subject National Vulnerability Database (NVD) en_US
dc.subject Common Vulnerability Scoring System (CVSS) en_US
dc.subject Common Weakness Scoring System (CWSS) en_US
dc.subject Bayesian Belief Network (BBN) en_US
dc.subject Common Weakness Risk Analysis Framework (CWRAF) en_US
dc.subject Risk Assessment en_US
dc.title Hybrid Security Risk Assessment Model en_US
dc.type Dissertation en_US
thesis.degree.name Doctor of Philosophy in Information Technology en_US
thesis.degree.level Master's en_US
thesis.degree.discipline Information Technology en_US
thesis.degree.grantor George Mason University en_US
dc.description.embargo 2022-12-04


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search MARS


Browse

My Account

Statistics