The webinar video recording will be available shortly. Thank you for your patience.
This webinar describes the Cyber Security Game (CSG). CSG is a method that has been implemented in software that quantitatively identifies cyber security risks and uses this metric to determine the optimal employment of security methods for any given investment level. Cyber Security Game maximizes a system’s ability to operate in today’s contested cyber environment by minimizing its mission risk. The risk score is calculated by using a mission impact model to compute the consequences of cyber incidents and combining that with the likelihood that attacks will succeed. The likelihood of attacks succeeding is computed by applying a threat model to a system topology model and defender model. CSG takes into account the widespread interconnectedness of cyber systems, where defenders must defend all multi-step attack paths and an attacker only needs one to succeed. It employs a game theoretic solution using a game formulation that identifies defense strategies to minimize the maximum cyber risk (MiniMax). This webinar discusses the methods and models that compose Cyber Security Game. A limited example of a Point of Sale system is used to provide specific demonstrations of CSG models and analyses.
This question was asked during the webinar:
Is there supporting tool aids or models available in open source?
This question was asked during the webinar:
Can Artificial Intelligence solutions be used to comprehensively reason about all of the possible cyber attacks?
This question was asked during the webinar:
Are there supporting tool aids or models available in open source?
This comment was mentioned during the webinar:
Boundaries of the Context (Model):
More on Model Risk Management: Princeton Presentation: Future of Finance Beyond ‘Flash Boys’: Risk Modeling for Managing Uncertainty in an Increasingly Non-Deterministic Cyber World: Knight Reconsidered: Risk, Uncertainty, and Profit for the Cyber Era: https://ssrn.com/abstract=2590258 .
This reply was given during the webinar:
Known Bayesian priors and “rational” agents are underlying assumptions for adaptation strategies.
This comment was given during the webinar:
More on Model Risk Arbitrage (‘Black Hat’ Offensive Cybersecurity Approach): Princeton Presentation: Beyond Model Risk Management to Model Risk Arbitrage for FinTech Era: How to Navigate ‘Uncertainty’…When ‘Models’ Are ‘Wrong’…And Knowledge’…‘Imperfect’! Knight Reconsidered Again: Risk, Uncertainty, & Profit Beyond ZIRP & NIRP: https://ssrn.com/abstract=2766099
This comment was given during the webinar:
More on Bayesian Modeling Markov Chain Monte Carlo Models in Cybersecurity: arkov Chain Monte Carlo Models, Gibbs Sampling, & Metropolis Algorithm for High-Dimensionality Complex Stochastic Problems: https://ssrn.com/abstract=2553537
This question was asked during the webinar:
Does the model take into consideration the critical components within the system? If so, how are they addressed?
This comment was given during the webinar:
On Limitations of Most Quant Models in Most Domains, particularly, Cyber Security Domains: Princeton Presentation: Model Risk Management in AI, Machine Learning & Deep Learning: https://ssrn.com/abstract=3167035
This comment was given during the webinar:
Related Cyber Risk Insurance Expert Paper for NAIC (National Association of Insurance Commissioners): Advancing Cyber Risk Insurance Underwriting Model Risk Management beyond VaR to Pre-Empt and Prevent the Forthcoming Global Cyber Insurance Crisis: https://ssrn.com/abstract=3081492
This comment was given during the webinar:
Armed Forces Communications and Electronics Association (AFCEA) C4I and Cyber Conference Paper: Synthesizing above Presentations on Models and Model Risks: AI, Machine Learning & Deep Learning Risk Management & Controls: Beyond Deep Learning and Generative Adversarial Networks: Model Risk Management in AI, Machine Learning & Deep Learning: https://ssrn.com/abstract=3193693
This comment was given during the webinar:
Attack trees proven useful in highly constrained ICS/SCADA systems…
This question was asked during the webinar:
Does your Models Research distinguish between ‘Uncertainty’ and ‘Risk’?
This question was asked during the webinar:
Does your Models Research factor both ‘Uncertainty’ and ‘Risk’ in computation?
This question was asked during the webinar:
Is the Model available for Public Use from MITRE?
This question was asked during the webinar:
Where can one find more details about underlying research and papers (e.g. MITRE Web site)?
This question was asked during the webinar:
What kind of information does one input into the model?
This question was asked during the webinar:
So in essence it is necessary to have the information from the RMF to make this model work… right or wrong?