Network Security Risk Assessment Using Bayesian Belief Networks

Abstract

This paper presents a causal assessment model based on Bayesian Belief Networks to analyze and quantify information security risks caused by various threat sources. The proposed model can be applied to a variety of information security evaluation tasks, risk assessment, software development projects, IT products, and other decision making systems. This unique concept can also be used for the determination of joint risk propagation and interdependence structures within computer networks, information systems, and other engineering tasks in general. By this manner, we can facilitate the determination of probabilistic outputs caused by some precalculated input probabilities or by marginal/joint probabilities found so far within the chain of an interdependence structure. © 2010 IEEE.