Prof. Jens Großklags (The Pennsylvania State University)
- Datum: 12.05.2016
Zeit: 16:30 - 18:00
Ort: Ludwigstr. 28, VG, 211b
Titel:The Assessment of Systematic Security Risk in Interdependent Systems
The risk of security compromises depends not only on an entity’s security precautions, but also on the network structure formed by the connected individuals, businesses, and computer systems. It is of increasing importance to rigorously assess the resulting security interdependencies and the likelihood of widespread security failures. In particular, a thorough analytic assessment of the probability distribution on the number of compromised entities in a security incident (i.e., loss-number distribution) is demanded by various risk-management approaches such as cyber-insurance.
This talk will discuss results from a theoretical study on the evaluation of systematic risk in networked systems. I will present results on the complexity of computing loss-number distributions, both generally and for special cases of common real-world networks. In the case of scale-free networks, I will demonstrate that expected loss alone cannot determine the riskiness of a network, and that this riskiness cannot be naively estimated from the types of information commonly found in incident reports, which highlights the importance of topological data in security assessments. I will also comment on a second study proposing a paradigm shift to cyber-insurance practices to partially account for the interdependence of risks, and demonstrate the viability of the approach in a specific scenario. The results of these studies constitute important steps towards the analysis of systematic risk, and help to contribute to the emergence of a viable cyber-insurance market.