DEXi representation Sample Clauses

DEXi representation. In the DEXi model, a risk node has two sub-nodes, one representing the likelihood and one representing the consequence for the asset in question. Figure 14 shows the DEXi-representation of the CORAS fragment shown in Figure 13, where R1 represents the risk, l_U1 represents the likelihood of the incident U1, and c_U1_A1 represents the consequence of U1 for asset A1. Notice that in the CORAS diagram, the risk does not have a separate name as it is not represented by a separate node, but by the combination of the incident, the asset and the relation between them. Moreover, although the number/index is identical for the risk, the incident, and the asset in this particular example, this need not necessarily be the case.
DEXi representation. Figure 24 shows a DEXi fragment corresponding to the CORAS fragment in Figure 23. Here, there is one direct sub-node (which is also a leaf-node, and hence shown as a triangle) to the root node for each attached indicator. Hence, the likelihood of the root node (l_S1) depends on these indicators. Before the utility function of l_S1 can be defined, an ordered scale has to be defined for each indicator. Although the indicators do not necessarily represent a likelihood, we make sure to define the scale such that a low value implies a low risk contribution. For example, assume that a threat scenario representing initiation of an HTTP Request/Response splitting is included in a risk model for client-server protocol manipulation. To this threat scenario, we attach the indicator 'Has any network reconnaissance attempt been detected in the past?' Since this is a yes/no question, the scale for the indicator only has two steps: Yes and No. A positive answer may indicate that someone has tried to prepare for an attack, and hence an increased likelihood. Therefore, for this indicator scale, the order from lowest to highest value would be No; Yes.
DEXi representation. Figure 28 shows a DEXi fragment used to trigger a proposal for implementing mitigation M1.
DEXi representation. Figure 23 shows a DEXi fragment used to trigger a proposal for implementing mitigation M1. The scale of the root node M1 has only two steps: No and Yes. If the value is Yes, this means that the system should propose M1 as a mitigation option (possibly one among many). This should only be done if the following holds: 1) At least one risk that M1 has the potential to reduce is sufficiently high to warrant the proposal, and 2) the contribution to this risk from the branch to which M1 is attached is sufficiently high that a reduction of this contribution can significantly reduce the risk level. According to Figure 22, the only risk that M1 has the potential to reduce is the risk of incident U1 harming asset A1. In Figure 23, this is represented by R1. Hence, the first condition above is only fulfilled if R1 is sufficiently high. Moreover, the second condition is only fulfilled if the contribution to risk R1 from the branch that includes S1 is also sufficiently high. Therefore, the root node M1 has two direct sub-nodes: R1, representing the relevant risk level (and hence the first condition above), and l_S1_to_U1, representing the likelihood contribution from S1 to U1 (and hence the second condition above).
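The following Python sketch is an added example, not taken from the source document or from the DEXi tool. It models the fragment described above (R1 from l_U1 and c_U1_A1, M1 from R1 and l_S1_to_U1) as utility tables over ordered scales and checks that each table is monotone, i.e. that a higher child value never lowers the parent. The three-step Low/Medium/High scales, the risk matrix, and the "at least Medium" thresholds for "sufficiently high" are assumptions made for illustration.

```python
from itertools import product

# Ordered scales, lowest risk contribution first (assumed for this example).
LMH = ["Low", "Medium", "High"]
SCALES = {"l_U1": LMH, "c_U1_A1": LMH, "l_S1_to_U1": LMH,
          "R1": LMH, "M1": ["No", "Yes"]}
# Node hierarchy as described in the text: each aggregate node and its sub-nodes.
CHILDREN = {"R1": ["l_U1", "c_U1_A1"], "M1": ["R1", "l_S1_to_U1"]}

def rank(node, value):
    """Position of a value on the node's ordered scale."""
    return SCALES[node].index(value)

def build_tables():
    """Utility functions as complete tables: one row per child-value combination."""
    r1 = {}
    for l, c in product(SCALES["l_U1"], SCALES["c_U1_A1"]):
        score = rank("l_U1", l) + rank("c_U1_A1", c)   # assumed risk matrix
        r1[(l, c)] = LMH[0 if score <= 1 else 1 if score == 2 else 2]
    m1 = {}
    for r, l in product(SCALES["R1"], SCALES["l_S1_to_U1"]):
        # Assumed thresholds: both conditions need at least Medium.
        ok = rank("R1", r) >= 1 and rank("l_S1_to_U1", l) >= 1
        m1[(r, l)] = "Yes" if ok else "No"
    return {"R1": r1, "M1": m1}

def is_monotone(node, table):
    """True if raising any child value never lowers the parent value."""
    kids = CHILDREN[node]
    for a, b in product(table, repeat=2):
        if all(rank(k, x) <= rank(k, y) for k, x, y in zip(kids, a, b)):
            if rank(node, table[a]) > rank(node, table[b]):
                return False
    return True

def evaluate(node, leaves, tables):
    """Evaluate a node bottom-up from the leaf values."""
    if node not in CHILDREN:
        return leaves[node]
    key = tuple(evaluate(k, leaves, tables) for k in CHILDREN[node])
    return tables[node][key]

if __name__ == "__main__":
    t = build_tables()
    leaves = {"l_U1": "High", "c_U1_A1": "High", "l_S1_to_U1": "Low"}
    print(evaluate("M1", leaves, t))  # high risk, but the S1 branch contributes little
```

With a high R1 but a low l_S1_to_U1, M1 evaluates to No: the risk is high, yet mitigating the S1 branch would not reduce it much, which is the second condition in the text.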