How to Estimate a Technical VaR Using Conditional Probability, Attack Trees and a Crime Function

Abstract : According to the Basel II Accord for banks and Solvency II for the insurance industry, not only should the market and financial risks for the institutions be determined, also the operational risks (opRisk). In recent decades, Value at Risk (VaR) has prevailed for market and financial risks as a basis for assessing the present risks. Occasionally, there are suggestions as to how the VaR is to be determined in the field of operational risk. However, existing proposals can only be applied to an IT infrastructure to a certain extent, or to parts of them e.g. such as VoIP telephony. In this article, a proposal is discussed to calculate a technical Value at Risk (t-VaR). This proposal is based on risk scenario technology and uses the conditional probability of the Bayes theorem. The vulnerabilities have been determined empirically for an insurance company in 2012. To determine the threats, attack trees and threat actors are used. The attack trees are weighted by a function that is called the criminal energy. To verify this approach the t-VaR was calculated for VoIP telephony for an insurance company. It turns out that this method achieves good and sufficient results for the IT infrastructure as an effective method to meet the Solvency II’s requirements.
Type de document :
Communication dans un congrès
Alfredo Cuzzocrea; Christian Kittl; Dimitris E. Simos; Edgar Weippl; Lida Xu. 1st Cross-Domain Conference and Workshop on Availability, Reliability, and Security in Information Systems (CD-ARES), Sep 2013, Regensburg, Germany. Springer, Lecture Notes in Computer Science, LNCS-8128, pp.288-304, 2013, Security Engineering and Intelligence Informatics
Liste complète des métadonnées

Littérature citée [22 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01506570
Contributeur : Hal Ifip <>
Soumis le : mercredi 12 avril 2017 - 10:25:03
Dernière modification le : jeudi 13 avril 2017 - 01:06:53
Document(s) archivé(s) le : jeudi 13 juillet 2017 - 12:28:41

Fichier

978-3-642-40588-4_20_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

  • HAL Id : hal-01506570, version 1

Citation

Wolfgang Boehmer. How to Estimate a Technical VaR Using Conditional Probability, Attack Trees and a Crime Function. Alfredo Cuzzocrea; Christian Kittl; Dimitris E. Simos; Edgar Weippl; Lida Xu. 1st Cross-Domain Conference and Workshop on Availability, Reliability, and Security in Information Systems (CD-ARES), Sep 2013, Regensburg, Germany. Springer, Lecture Notes in Computer Science, LNCS-8128, pp.288-304, 2013, Security Engineering and Intelligence Informatics. 〈hal-01506570〉

Partager

Métriques

Consultations de la notice

61

Téléchargements de fichiers

32