How to Estimate a Technical VaR Using Conditional Probability, Attack Trees and a Crime Function - Security Engineering and Intelligence Informatics
Conference Papers Year : 2013

How to Estimate a Technical VaR Using Conditional Probability, Attack Trees and a Crime Function

Abstract

According to the Basel II Accord for banks and Solvency II for the insurance industry, institutions should determine not only their market and financial risks but also their operational risks (opRisk). In recent decades, Value at Risk (VaR) has prevailed as a basis for assessing market and financial risks. Occasionally, there are suggestions as to how the VaR is to be determined in the field of operational risk. However, existing proposals can be applied to an IT infrastructure only to a certain extent, or only to parts of it, such as VoIP telephony. In this article, a proposal is discussed to calculate a technical Value at Risk (t-VaR). This proposal is based on risk scenario technology and uses conditional probability from Bayes' theorem. The vulnerabilities were determined empirically for an insurance company in 2012. To determine the threats, attack trees and threat actors are used. The attack trees are weighted by a function that is called the criminal energy. To verify this approach, the t-VaR was calculated for VoIP telephony for an insurance company. It turns out that this method achieves good and sufficient results for the IT infrastructure as an effective method to meet Solvency II's requirements.
Origin: Files produced by the author(s)

Dates and versions

hal-01506570, version 1 (12-04-2017)

Identifiers

  • HAL Id: hal-01506570, version 1

Cite

Wolfgang Boehmer. How to Estimate a Technical VaR Using Conditional Probability, Attack Trees and a Crime Function. 1st Cross-Domain Conference and Workshop on Availability, Reliability, and Security in Information Systems (CD-ARES), Sep 2013, Regensburg, Germany. pp.288-304. ⟨hal-01506570⟩