Keywords: critical infrastructures, ICT systems, attacks, attack strategies, vulnerabilities, risk assessment, risk mitigation, security dependencies, critical information infrastructures
Risk management of an information infrastructure: a framework based upon security dependencies
A mathematical framework for the risk management of information infrastructures is presented. The framework describes the infrastructure at distinct abstraction layers by integrating four abstract models that describe, respectively, the relation among components due to the implementation, how rights are managed so that they are taken and granted among threat or users, the vulnerabilities and the attacks they enable against, respectively, components and users. Each model corresponds to a distinct approach to formally deduce the rights a threat can achieve on the infrastructure components and its features influence the security properties and the rights that can be acquired through attacks. The framework considers intelligent threats, each trying to achieve one in a set of goals. To this purpose, a threat implements a strategy that compose elementary attacks. Strategies can be discovered and formally represented as a graph or a finite state automaton. Starting from this formal representation, countermeasures can be considered and analysed so that a proper set of cost effective countermeasures can be applied to define a risk mitigation plan.We show that such a set is always non-redundant because it stops all and only the attacks resulting in a set of goals. Lastly, we show how probabilities of attacks and risk can be considered.