Practical Use Case Evaluation of a Generic ICT Meta-Risk Model Implemented with Graph Database Technology

Practical Use Case Evaluation of a Generic ICT Meta-Risk Model Implemented with Graph Database Technology

Abstract

Advanced Persistent Threats impose an increasing threat on today’s information and communication technology infrastructure. These highly-sophisticated attacks overcome the typical perimeter protection mechanisms of an organization and generate a large amount of damage. In this article, we introduce a generic ICT meta-risk model implemented using graph databases. Due to its generic nature, the meta-risk model can be applied on both the complex case of an APT attack as well as on a conventional physical attack on an information security management system. Further, we will provide details for the implementation of the meta-risk model using graph databases. The major benefits of this graph database approach, i.e., the simple representation of the interconnected risk model as a graph and the availability of efficient traversals over complex sections of the graph, are illustrated giving several examples.

Grafik Top
Authors
  • Schiebeck, Stefan
  • Latzenhofer, Martin
  • Palensky, Brigitte
  • Schauer, Stefan
  • Quirchmayr, Gerald
  • Benesch, Thomas
  • Göllner, Johannes
  • Meurers, Christian
  • Mayr, Ingo
Grafik Top
Shortfacts
Category
Journal Paper
Divisions
Multimedia Information Systems
Journal or Publication Title
International Journal on Advances in Security
ISSN
1942-2636
Publisher
IARIA
Place of Publication
Wilmington, Delaware
Page Range
pp. 66-79
Number
1 & 2
Volume
9
Date
2016
Export
Grafik Top