*The webinar video recording will be available shortly. Thank you for your patience.*

This webinar describes the Cyber Security Game (CSG). CSG is a method that has been implemented in software that quantitatively identifies cyber security risks and uses this metric to determine the optimal employment of security methods for any given investment level. Cyber Security Game maximizes a system’s ability to operate in today’s contested cyber environment by minimizing its mission risk. The risk score is calculated by using a mission impact model to compute the consequences of cyber incidents and combining that with the likelihood that attacks will succeed. The likelihood of attacks succeeding is computed by applying a threat model to a system topology model and defender model. CSG takes into account the widespread interconnectedness of cyber systems, where defenders must defend all multi-step attack paths and an attacker only needs one to succeed. It employs a game theoretic solution using a game formulation that identifies defense strategies to minimize the maximum cyber risk (MiniMax). This webinar discusses the methods and models that compose Cyber Security Game. A limited example of a Point of Sale system is used to provide specific demonstrations of CSG models and analyses.

*You must be logged in to download files associated with this video podcast.*Click here to login.

CSIACAdmin

This question was asked during the webinar:

Is there supporting tool aids or models available in open source?

CSIACAdmin

This question was asked during the webinar:

Can Artificial Intelligence solutions be used to comprehensively reason about all of the possible cyber attacks?

CSIACAdmin

This question was asked during the webinar:

Are there supporting tool aids or models available in open source?

CSIACAdmin

This comment was mentioned during the webinar:

Boundaries of the Context (Model):

More on Model Risk Management: Princeton Presentation: Future of Finance Beyond ‘Flash Boys’: Risk Modeling for Managing Uncertainty in an Increasingly Non-Deterministic Cyber World: Knight Reconsidered: Risk, Uncertainty, and Profit for the Cyber Era: https://ssrn.com/abstract=2590258 .

CSIACAdmin

This reply was given during the webinar:

Known Bayesian priors and “rational” agents are underlying assumptions for adaptation strategies.

CSIACAdmin

This comment was given during the webinar:

More on Model Risk Arbitrage (‘Black Hat’ Offensive Cybersecurity Approach): Princeton Presentation: Beyond Model Risk Management to Model Risk Arbitrage for FinTech Era: How to Navigate ‘Uncertainty’…When ‘Models’ Are ‘Wrong’…And Knowledge’…‘Imperfect’! Knight Reconsidered Again: Risk, Uncertainty, & Profit Beyond ZIRP & NIRP: https://ssrn.com/abstract=2766099

CSIACAdmin

This comment was given during the webinar:

More on Bayesian Modeling Markov Chain Monte Carlo Models in Cybersecurity: arkov Chain Monte Carlo Models, Gibbs Sampling, & Metropolis Algorithm for High-Dimensionality Complex Stochastic Problems: https://ssrn.com/abstract=2553537

CSIACAdmin

This question was asked during the webinar:

Does the model take into consideration the critical components within the system? If so, how are they addressed?

CSIACAdmin

This comment was given during the webinar:

On Limitations of Most Quant Models in Most Domains, particularly, Cyber Security Domains: Princeton Presentation: Model Risk Management in AI, Machine Learning & Deep Learning: https://ssrn.com/abstract=3167035

CSIACAdmin

This comment was given during the webinar:

Related Cyber Risk Insurance Expert Paper for NAIC (National Association of Insurance Commissioners): Advancing Cyber Risk Insurance Underwriting Model Risk Management beyond VaR to Pre-Empt and Prevent the Forthcoming Global Cyber Insurance Crisis: https://ssrn.com/abstract=3081492

CSIACAdmin

This comment was given during the webinar:

Armed Forces Communications and Electronics Association (AFCEA) C4I and Cyber Conference Paper: Synthesizing above Presentations on Models and Model Risks: AI, Machine Learning & Deep Learning Risk Management & Controls: Beyond Deep Learning and Generative Adversarial Networks: Model Risk Management in AI, Machine Learning & Deep Learning: https://ssrn.com/abstract=3193693

CSIACAdmin

This comment was given during the webinar:

Attack trees proven useful in highly constrained ICS/SCADA systems…

CSIACAdmin

This question was asked during the webinar:

Does your Models Research distinguish between ‘Uncertainty’ and ‘Risk’?

CSIACAdmin

This question was asked during the webinar:

Does your Models Research factor both ‘Uncertainty’ and ‘Risk’ in computation?

CSIACAdmin

This question was asked during the webinar:

Is the Model available for Public Use from MITRE?

CSIACAdmin

This question was asked during the webinar:

Where can one find more details about underlying research and papers (e.g. MITRE Web site)?

CSIACAdmin

This question was asked during the webinar:

What kind of information does one input into the model?

CSIACAdmin

This question was asked during the webinar:

So in essence it is necessary to have the information from the RMF to make this model work… right or wrong?