security crisis management
play

Security Crisis Management Emmanuel FUCHS Slides available soon at - PowerPoint PPT Presentation

Security Crisis Management Emmanuel FUCHS Slides available soon at www.Elfuchs.Fr Crisis Management Crisis Definition Crisis Management Overview Crisis Management Process Risk Analysis Risk Analysis Case (quantitative )


  1. Risks evaluation IMPACT LOW MEDIUM HIGH P HIGH R O B A R04 MEDIUM R01 B R05 I L I R03 LOW R02 T R06 Y

  2. Crisis Management • Crisis Definition • Crisis Management Overview • Crisis Management Process • Risk Analysis – Risk Analysis Case (quantitative ) – Risk Aversion – Risk Analysis in Project Management (qualitative) • Risks Analysis Modeling • Crisis Management System – Common situation awareness – Even Driven Architecture

  3. Risk elements • Event: what could happen? • Probability: how likely is it to happen? • Impact: how bad will it be if it happens? • Mitigation: how to reduce the probability and by how much? • Contingency: how to reduce the impact and by how much? • Reduction = mitigation x contingency • Exposure = risk – reduction

  4. Types of risk analysis • Quantitative risk analysis – The probability of an event occurring – The likely loss should it occur. • Probability x likely loss • Qualitative risk analysis – Focuses on the impact – Risk model

  5. Qualitative risk analysis model • Threats • Vulnerabilities • Controls

  6. Qualitative risk analysis model • Threats – Things that can go wrong or that can 'attack' the system. • Examples might include fire or fraud. – Threats are ever present for every system.

  7. Threats • Human – From individuals or organizations, illness, death, etc. • Operational – From disruption to supplies and operations, loss of access to essential assets, failures in distribution, etc. • Reputation – From loss of business partner or employee confidence, or damage to reputation in the market. • Procedural – From failures of accountability, internal systems and controls, organization, fraud, etc. • Project – Risks of cost over-runs, jobs taking too long, of insufficient product or service quality, etc. • Financial – From business failure, stock market, interest rates, unemployment, etc. • Technical – From advances in technology, technical failure, etc. • Natural – Threats from weather, natural disaster, accident, disease, etc. • Political – From changes in tax regimes, public opinion, government policy, foreign influence, etc.

  8. Natural threats • Flooding, • Fire, • Seismic activity, • High winds, • Snow and ice storms, • Volcanic eruption, • Tornado, hurricane, • Epidemic, • Tidal wave, typhoon.

  9. Modeling And Simulation Hurricanes

  10. Technical threats • Power failure/fluctuation, • Heating, • Ventilation or air conditioning failure, malfunction or failure of CPU, • Failure of system software, • Failure of application software, • Telecommunications failure, • Gas leaks, • Communications failure, • Nuclear fallout.

  11. Human threats • Robbery, • Sabotage, • Explosion, • Bomb threats, • War, • Embezzlement, • Biological contamination, • Extortion, • Radiation contamination, • Burglary, • Hazardous waste, • Vandalism, • Vehicle crash, • Terrorism, • Airport proximity, • Civil disorder, • Work stoppage (strike) • Chemical spill, • Computer crime.

  12. Qualitative risk analysis model • Vulnerabilities – Make a system more prone to attack by a threat or make an attack more likely to have some success or impact. • For example, for fire a vulnerability would be the presence of inflammable materials (e.G. Paper). • Software Complexity

  13. Qualitative risk analysis model • Controls – Countermeasures for vulnerabilities. – There are four types of controls: • Deterrent (dissuasive) controls – Reduce the likelihood of a deliberate attack • Preventative controls – Protect vulnerabilities and make an attack unsuccessful or reduce its impact • Corrective controls – Reduce the effect of an attack • Detective controls – Discover attacks and trigger preventative or corrective controls.

  14. Qualitative risk analysis model THREAT Fire Software Error VULNERABILITY Presence of Flammable Complexity materials CONTROLS Sprinklers Extinguishers Design and development, standards, Change control.

  15. Qualitative risk analysis model Threat creates Attack eploits Vulnerabilty Results in Impact

  16. Qualitative risk analysis model Threat Deterrent control creates Reduces likelihood of Attack discovers Detective eploits Control Triggers Triggers protects Vulnerabilty Results in Corrective Preventative Control control Reduces Impact Decreases

  17. Risk management process Establish Context Opportunities & Losses Identify Risks Analyze Risks Likelihood & Severity Evaluate Risks Ranked & Prioritized Treat Risks

  18. Crisis Management • Crisis Definition • Crisis Management Overview • Crisis Management Process • Risk Analysis – Risk Analysis Case (quantitative ) – Risk Aversion – Risk Analysis in Project Management (qualitative) • Risks Analysis Modeling • Crisis Management System – Common situation awareness – Even Driven Architecture

  19. Crisis management system

  20. Incident management system • Provide the pertinent, accurate information you need to make critical decisions. • Deploy personnel, equipment, communication, facilities and procedures effectively and efficiently. • Give access to information to plan, direct, coordinate and control resources. • Foster collaboration and coordination with other command control systems. • Deliver secure, dependable systems on time and within budget.

  21. Incident management system

  22. Emergency response organization Strategic Big Picture Operational Tactical First Responder

  23. Emergency system architecture Higher level Response (Strategic level) Planning tools Risk Assessment emergency centers (Operative Level) Low response Cell (Tactical Level) Simulation Framework M&S System First Responders Units Resource Mgt Management (logistic, …) Environment Critical Assets (Urban area, weather)

  24. Crisis management schedule Preparation Crisis Management Non real time Real Time Off line On line incident response phase The incident

  25. Crisis management system functions • Command and control – To provide the functions necessary to put multiple response and recovery plans into action • Communication and intelligence – To effectively receive and transmit information • Coordination and documentation – To organize all of the steps taken to respond to an event and create a record of those actions to protect employees, infrastructure and shareholder value • Automated checklists – To ensure that response and recovery is complete for major functions • Alert notifications – To sort and distribute messages so managers/commanders can track and log multiple and varied notifications • Media management – To inform the media about the progress the company is making toward normal operations

  26. Emergency system architecture

  27. Emergency system architecture

  28. Crisis Management • Crisis Definition • Crisis Management Overview • Crisis Management Process • Risk Analysis – Risk Analysis Case (quantitative ) – Risk Aversion – Risk Analysis in Project Management (qualitative) • Risks Analysis Modeling • Crisis Management System – Common situation awareness – Even Driven Architecture

  29. Distributed crisis management system • All participants have to share information, make decisions and deploy resources without being physically present in the same place. • Using web-enabled software allows participants to work from their normal workstation, from home or from the field. • Emergency plans and reports are available from any location. • All information can be maintained in a central database that is available to participants from anywhere in the world.

  30. Geographical information system geo-referenced information: information that is associated with a physical location

  31. Common situation awareness • Annotations and markups • Data sharing and synchronization • Chat • Data acquisition • Geospatial collaboration • Asset tracking: blue force tracking, location-based services • Decentralized data editing • Fusion of geospatial data • Neutral and trusted workspace • Sensor integration • Reporting • Web-based services

  32. Web services based distributed emergency system architecture Emergency Transform Work Flow Services Use Orchestration Services Expose Components Middleware

  33. Crisis Management • Crisis Definition • Crisis Management Overview • Crisis Management Process • Risk Analysis – Risk Analysis Case (quantitative ) – Risk Aversion – Risk Analysis in Project Management (qualitative) • Risks Analysis Modeling • Crisis Management System – Common situation awareness – Even Driven Architecture

  34. Events Driven Architecture • Ontology • Complex Event Processing • Bayesian Networks

  35. Protege

  36. Complex Event Processing (CEP) • It is an event processing concept that deals with the task of processing multiple events with the goal of identifying the meaningful events within the event cloud.

  37. CEP classical example • A church bells ringing, • The appearance of a man in a tuxedo with a woman in a flowing white gown, • Rice flying through the air. • A complex event is what one infers from the simple events: – a wedding is happening.

  38. Complex Event Inference ? ? ? ?

  39. Threat Process Inference ? ? ? ?

  40. CEP techniques • Complex patterns events, • Multiple events correlation, • Multiple events hierarchies, • Relationships between events: – timing – causality, – membership, – event-driven processes.

  41. Bayesian Networks Bayes theorem models a learning process Event B is independent of events A and C, Event B is independent of events A, C. Event C depends on event A. Event B influences both A and C. Event A depends on event B. Event B is independent of events A and C. Event C depends on events A and B. Event C depends on events A and B. A B A B A B C C C P(A,B,C) = P(C/A)P(A) P(A,B,C) = P(C/A,B)P(A)P(B) P(A,B,C) = P(C/A,B)P(A/B)P(B)

  42. BN classical example • What is the probability that it is raining, given the grass is wet? Raining Wet grass

  43. BN classical example • Suppose that there are two events which could cause grass to be wet either: – the sprinkler is on – or it's raining.

  44. BN, Nodes, CPT CPT : Conditional Probability Table

  45. Bayesian Networks • A Bayesian network is a graph in which nodes represent random variables, and the links the influences between variables. The graph is acyclique. • Links represent causal relationship between variables which are either determinists, or probability.

  46. Bayesian Inference • P(Bad Battery | Has Gas, Won’t Start) Battery Gas Start

  47. Not Only Probability C A ~a~b ~ab ab ~a~b ~a b B

  48. Bayesian subjectivity • Bayesians networks allow to merge in a theoretical frame: – probability stemming from a statistical experience feedback, – and subjective probability . • Thus In the absence of experience feedback data, it is possible to used values of subjective probability, estimated by experts.

  49. Norsys NETICA

  50. A simple example belief network for diagnosing why a car won't start, based on spark plugs, headlights, main fuse, etc. Car Case

Recommend


More recommend