Implementation of a Generic ICT Risk Model using Graph Databases

Schiebeck, Stefan; Latzenhofer, Martin; Palensky, Brigitte; Schauer, Stefan; Quirchmayr, Gerald; Benesch, Thomas; Göllner, Johannes; Meurers, Christian; Mayr, Ingo

Home // SECURWARE 2015, The Ninth International Conference on Emerging Security Information, Systems and Technologies // View article

Implementation of a Generic ICT Risk Model using Graph Databases

Authors:
Stefan Schiebeck
Martin Latzenhofer
Brigitte Palensky
Stefan Schauer
Gerald Quirchmayr
Thomas Benesch
Johannes Göllner
Christian Meurers
Ingo Mayr

Keywords: risk management; APT; ICT security; graph databases; interconnected risk model

Abstract:
Advanced Persistent Threats (APTs) impose an increasing threat on today’s information and communication technology (ICT) infrastructure. These highly-sophisticated attacks overcome the typical perimeter protection mechanisms of an organization and generate a large amount of damage. Based on a practical use case of a real-life APT lifecycle, this paper shows how APTs can be tackled using a generic ICT risk analysis framework. Further, it provides details for the implementation of this risk analysis framework using graph databases. The major benefits of this graph database approach, i.e., the simple representation of the interconnected risk model as a graph and the availability of efficient traversals over complex sections of the graph, are illustrated giving several examples.

Pages: 146 to 153

Copyright: Copyright (c) IARIA, 2015

Publication date: August 23, 2015

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-427-5

Location: Venice, Italy

Dates: from August 23, 2015 to August 28, 2015