Nowadays, securing the IT infrastructure is an ongoing task in every company and organization. For small and medium-sized enterprises, this task is challenging because of its complexity and the related costs. Especially the risk assessment of threats and the choice of appropriate countermeasures is hard to handle by this kind of enterprises. Using the example of a ransomware attack, this paper describes how to use a method for risk assessment on the basis of attack defence graphs and Monte Carlo simulations. The details of the simulation algorithm are explained and formal aspects are considered.
The choice of defense strategies in IT-security is often guided by qualitative methods only. For common scenarios like securing desktop computers, web servers, or extranets, there are well accepted best practices for establishing a secure environment. For other scenarios like computers in production environments (often referred as "Industry 4.0") this is not the case. To secure such systems, there are a number of options, but their relevance for a certain application is less clear and is specific for the situation. Especially, for small and medium enterprises it is often unclear, which security measures to apply in their production. This paper describes a method based on attack defense trees, which allows to assess the value of defense measures based on simulated attacks.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.