Edgar Padilla is a Ph.D. student at the University of Texas at El Paso. He is also a systems programmer for the University’s enterprise resource planning systems. His research interests include risk analysis and secure software architecture.
Analyzing risk is critical throughout the software acquisition lifecycle. System risk is assessed by conducting a penetration test, where ethical hackers portray realistic threat on real systems by exploiting vulnerabilities. These tests are very costly, limited in duration, and do not provide stakeholders with “what-if” analyses. To alleviate these issues, system models are used in emulation, simulation, and attack graph generators to enhance test preparation, execution, and supplementary post-test analyses.
This article describes a method for developing models that can be used to analyze risk in mixed tactical and strategic networks, which are common in the military domain.
Cybersecurity Data Gap Network and host-based sensors collect data that are foundational for current-day cybersecurity technologies such as intrusion detection and prevention systems. However, for cybersecurity incidents, these data only tell a part of the story. Lacking are the data…