Managing Uncertainty in Security Risk Model Forecasts with RAPSA/MC

  • James R. Conrad
  • Paul Oman
  • Carol Taylor
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 193)


This report describes an information security risk assessment process that accommodates uncertainty and can be applied to deployed systems as well as systems under development. An example is given for a critical infrastructure but the technique is applicable to other networks. RAPSA/MC extends the Risk Analysis and Probabilistic Survivability Assessment (RAPSA) systems-level process model with a Monte-Carlo (MC) technique capturing the uncertainty in expert estimates and illustrating its resulting impact on the model’s forecast. The forecast is presented as a probability density function enabling the security analyst to more effectively communicate security risks to financial decision makers. This approach may be particularly useful for visualizing the risk of an extreme event such as an unlikely but catastrophic exploit.


Security risk analysis and management Methods for dealing with incomplete or inconsistent information Critical infrastructure protection 


  1. Bishop, Matt (2003). Computer Security: Art and Science. Addison-Wesley, Boston, MA.Google Scholar
  2. Brown, Steven M. (2000). Applying internet technology to utility scada systems. Utility Automation, 5(5):25–26.Google Scholar
  3. Butler, S., Chalasani, P., Jha, S., Raz, O., and Shaw, M. (1999). The potential of portfolio analysis in guiding software decisions. First Workshop on Economics-Driven Software Engineering Research.Google Scholar
  4. Conrad, James R. (2005). Analyzing the risks of security investments with monte-carlo simulations. In Fourth Workshop on the Economics of Information Security (WEIS05), Harvard University (USA).Google Scholar
  5. Ellison, Robert J., Linger, Richard C., Longstaff, Thomas, and Mead, Nancy R. (1999). Survivable network system analysis: A case study. IEEE Software, 16(4):70–77.CrossRefGoogle Scholar
  6. Geer, Daniel E. (2001). Making choices to show ROI. Secure Business Quarterly, 1(2).Google Scholar
  7. Haimes, Yacov Y. (1998). Risk Modeling, Assessment, and Management. John Wiley and Sons, New York, NY.Google Scholar
  8. Lipton, R. J. and Snyder, L. (1977). A linear time algorithm for deciding subject security. J. ACM, 24(3):455–464.MathSciNetCrossRefGoogle Scholar
  9. Longstaff, Thomas A., Chittister, Clyde, Pethia, Rich, and Haimes, Yacov Y. (2000). Are we forgetting the risks of information technology? IEEE Computer, 33(12):43–51.Google Scholar
  10. Luo, Yi and Tu, Guangyu (2005). Who’s watching the unattended substation. IEEE Power and Energy Magazine, 3(1):59–66.CrossRefGoogle Scholar
  11. Magnusson, Christer (2005). Shareholder value and security investments. IEEE Communications Magazine, 43(1):3–4.CrossRefGoogle Scholar
  12. Oman, Paul, Schweitzer III, Edmund O., and Frincke, Deborah (2002). Concerns about intrusions into remotely accessible substation controllers and scada systems. In Proc. 27th Annual Western Protective Relay Conferences.Google Scholar
  13. Schechter, Stuart Edward (2004). Computer Security Strength and Risk: A Quantitative Approach. PhD thesis, Harvard University, Cambridge, Massachusetts.Google Scholar
  14. Software Engineering Institute (2005). Survivable systems analysis.Google Scholar
  15. Soo Hoo, Kevin J. (2000). How much is enough? A risk-management approach to computer security. Technical report, Stanford Consortium for Research on Information Security and Policy.Google Scholar
  16. Swiderski, Frank and Snyder, Window (2004). Threat Modeling. Microsoft Press, Redmond, WA.Google Scholar
  17. Taylor, Carol, Krings, Axel, and Alves-Foss, Jim (2002). Risk analysis and probabilistic survivability assessment (RAPSA): An assessment approach for power substation hardening. In ACM Workshop on the Scientific Aspects of Cyber Terrorism, Washington, D.C. ACM.Google Scholar
  18. Vose, David (2000). Risk Analysis: A Quantitative Guide. John Wiley and Sons, West Sussex, England, 2nd edition.Google Scholar
  19. Woodward, D. (2001). The hows and whys of ethernet networks in substations. Technical report, Schweitzer Engineering Labs.Google Scholar

Copyright information

© International Federation for Information Processing 2005

Authors and Affiliations

  • James R. Conrad
    • 1
  • Paul Oman
    • 1
  • Carol Taylor
    • 1
  1. 1.Department of Computer ScienceUniversity of IdahoMoscow

Personalised recommendations