A Methodology for Dynamic Security Risks Assessment in Interconnected IT Systems

Published online: Jan 15, 2024 Full Text: PDF (2.88 MiB) DOI: https://doi.org/10.24138/jcomss-2023-0128
Cite this paper
Authors:
Seraj Fayyad, Ahmad Alkhatib, Farhan Abdel-Fattah, Hani Almimi

Abstract

The network of any IT system is subject to continuous changes, such as the addition of new nodes, software installations, and the emergence of new vulnerabilities. On the other hand, the importance of nodes within the IT system’s network varies due to various factors, impacting the severity of potential node exploitation. Additionally, the interconnected nature of the nodes means that the security of each node is interdependent on the others nodes. In this context, effective risk assessment methodologies that consider the factors which impact the security of the system are crucial. This paper introduces an innovative methodology that takes into account the aforementioned factors. The proposed approach evaluates vulnerabilities, interconnections, and dynamic changes to deliver a comprehensive and up-to-date security risk assessment. By employing this methodology, administrators gain better control over system security with dynamic evaluations that support wellinformed decisions. Furthermore, the methodology facilitates risk assessment for specific nodes and enables the quantification of their security levels. Due to a thorough assessment, the proposed methodology empowers IT administrators to improve the overall security of the system.

Keywords

Risk assessment, Interconnections, Attack graph, IDS, node improtant degree, Security risks, Impact of changes, Quantifying security implications, Exploitability, Security control
Creative Commons License 4.0
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.