Practical Use Case Evaluation of a Generic ICT Meta-Risk Model Implemented with Graph Database Technology

Schiebeck, Stefan; Latzenhofer, Martin; Palensky, Brigitte; Schauer, Stefan; Quirchmayr, Gerald; Benesch, Thomas; Göllner, Johannes; Meurers, Christian; Mayr, Ingo

Home // International Journal On Advances in Security, volume 9, numbers 1 and 2, 2016 // View article

Practical Use Case Evaluation of a Generic ICT Meta-Risk Model Implemented with Graph Database Technology

Authors:
Stefan Schiebeck
Martin Latzenhofer
Brigitte Palensky
Stefan Schauer
Gerald Quirchmayr
Thomas Benesch
Johannes Göllner
Christian Meurers
Ingo Mayr

Keywords: risk management; APT; ICT security; physical security; graph databases; interconnected risk model

Abstract:
Advanced Persistent Threats impose an increasing threat on today’s information and communication technology infrastructure. These highly-sophisticated attacks overcome the typical perimeter protection mechanisms of an organization and generate a large amount of damage. In this article, we introduce a generic ICT meta-risk model implemented using graph databases. Due to its generic nature, the meta-risk model can be applied on both the complex case of an APT attack as well as on a conventional physical attack on an information security management system. Further, we will provide details for the implementation of the meta-risk model using graph databases. The major benefits of this graph database approach, i.e., the simple representation of the interconnected risk model as a graph and the availability of efficient traversals over complex sections of the graph, are illustrated giving several examples.

Pages: 66 to 79

Publication date: June 30, 2016

Published in: journal

ISSN: 1942-2636