Security Crisis Management Emmanuel FUCHS Slides available soon at - - PowerPoint PPT Presentation

Security Crisis Management

Emmanuel FUCHS Slides available soon at www.Elfuchs.Fr

Crisis Management

• Crisis Definition
• Crisis Management Overview
• Crisis Management Process
• Risk Analysis

– Risk Analysis Case (quantitative) – Risk Aversion – Risk Analysis in Project Management (qualitative)

• Risks Analysis Modeling
• Crisis Management System

– Common situation awareness – Even Driven Architecture

Crisis management system

Yes I start by the end !

Definition

• A crisis can be defined as any

unplanned event, occurrence or sequence of events that has a specific undesirable consequence.

Crisis Management

• Crisis Definition
• Crisis Management Overview
• Crisis Management Process
• Risk Analysis

– Risk Analysis Case (quantitative) – Risk Aversion – Risk Analysis in Project Management (qualitative)

• Risks Analysis Modeling
• Crisis Management System

– Common situation awareness – Even Driven Architecture

Crises examples

• Natural disasters,
• Financial manipulation,
• Pollution,
• Terrorism,

Crisis management

• Coordination

– Effective coordination of activities among the

• rganizations having a management/response role;
• Warning

– Early warning and clear instructions to all concerned if a crisis occurs;

• Decision

– Continued assessment of actual and potential consequences of the crisis;

• Continuity

– Continuity of business operations during and immediately after the crisis.

Crisis management planning

Event Prepare Plan Execute Plan

Crisis management planning

• Develop

– Policy, strategy, priority, controls.

• Test

– Planning gaps.

• Train

– Prepare staff.

• Maintain

– Update, improve.

Contingency plan content

• Objective of the plan:

– Continue normal operations, continue in a degraded mode, abort the function as quickly as safely possible,

• Criteria for invoking the plan:

– Local disaster, experiencing serious system failures,

• Expected life of the plan:

– How long can operations continue in contingency

• perating mode?
• Roles, responsibilities and authority

Contingency plan content

• Training on and testing of plans
• Procedures for operating in contingency mode
• Resource plan for operating in contingency

mode:

– Staffing, scheduling, materials, supplies, facilities, temporary hardware and software, communications, …

• Criteria for returning to normal operating mode
• Procedures for returning to normal operating

mode

• Procedures for recovering lost or damaged data

Crisis Management

• Crisis Definition
• Crisis Management Overview
• Crisis Management Process
• Risk Analysis

– Risk Analysis Case (quantitative) – Risk Aversion – Risk Analysis in Project Management (qualitative)

• Risks Analysis Modeling
• Crisis Management System

– Common situation awareness – Even Driven Architecture

Risk management

• The term risk management is applied in a

number of diverse disciplines.

• Statistics, economics, psychology, social

sciences, biology, engineering, toxicology, systems analysis, operations research, decision theory

Crisis management process loop

Preparation Response Rebuild Mitigation

Crisis management process loop

• Mitigation

– Long-term measures for reducing or eliminating risk. (Risk analysis)

• Preparedness

– Develop plans of action (command).

• Response

– Activate and control on the field actors.

• Recovery

– Rebuild and restart normal activities.

Process phase

Event Risk analysis Mitigation Preparedness Response Recovery

Mitigation

Earthquake Resistant Technologies

Preparedness

Response

Crisis Management

• Crisis Definition
• Crisis Management Overview
• Crisis Management Process
• Risk Analysis

– Risk Analysis Case (quantitative) – Risk Aversion – Risk Analysis in Project Management (qualitative)

• Risks Analysis Modeling
• Crisis Management System

– Common situation awareness – Even Driven Architecture

Risk analysis goal

• A procedure to identify threats & vulnerabilities,

analyze them to verify the exposures, and highlight how the impact can be eliminated or reduced.

• Risk analysis goal:

– To commensurate (balanced) security measures with the risks applicable. – To establish where to invest security budget for the best return.

Risk and uncertainty

• Uncertainty frequently impacts our decisions and

actions.

• When we talk about risk, we mean the chance

that some undesirable impact will occur.

• Hence, we normally seek to avoid or minimize

risk.

Risk analysis

• Risk analysis tries to answer the

questions:

– 1) what can happen ? – 2) how likely is it to happen ? – 3) given that it occurs, what are the consequences ?

Crisis Management

• Crisis Definition
• Crisis Management Overview
• Crisis Management Process
• Risk Analysis

– Risk Analysis Case (quantitative) – Risk Aversion – Risk Analysis in Project Management (qualitative)

• Risks Analysis Modeling
• Crisis Management System

– Common situation awareness – Even Driven Architecture

Risk analysis case

• Very Expensive

Painting

Very Expensive Painting

Vincent Van Gogh Chaumes de Cordeville - 1890

Risk analysis case

• Vulnerability : no burglar alarm system
• Threat : burglary
• Countermeasure : install anti-burglar

system

Anti-burglar system

Risk analysis case

• Value of the painting : 100 000 euros
• Value of the anti-burglar : 2000 euros
• Probability of burglary : 1%
• Value of the risk : 100 000 euros x 1%
• Risk = 1000 euros

anti-burglar system more expensive than the risk !

Crisis Management

• Crisis Definition
• Crisis Management Overview
• Crisis Management Process
• Risk Analysis

– Risk Analysis Case (quantitative) – Risk Aversion – Risk Analysis in Project Management (qualitative)

• Risks Analysis Modeling
• Crisis Management System

– Common situation awareness – Even Driven Architecture

Coin toss

• P(Coin=heads) = 0.5
• P(Coin=tails)= 0.5

Coin toss

• Coin flipping, coin head or tail game
• Two coin toss

– That gains $50 or breaks even, – That gains $150 or loses $100,

• The average or 'expected' outcome of both

tosses is $25.

Action, Utility and Probability

• Actions :

– You have a set of possible actions you can take.

• Utilities

– Each end result has a utility:

• a measure of how desirable it is.
• Unknowns

– These will have probability distributions over possible values.

Crisis Management

• Crisis Definition
• Crisis Management Overview
• Crisis Management Process
• Risk Analysis

– Risk Analysis Case (quantitative) – Risk Aversion – Risk Analysis in Project Management (qualitative)

• Risks Analysis Modeling
• Crisis Management System

– Common situation awareness – Even Driven Architecture

Risk impact assessment. In project management

• Risk impact is the effect on project
• bjectives if the risk occurs, which may be

a negative effect (threat) or a positive effect (opportunity).

• Risk is the effect “positive” or “negative” of

an event.

Risk analysis in project management

• Risk probability and risk impact may be

described in qualitative way :

– Unacceptable (red area) – Acceptable, but risk reduction measures needs to be considered (yellow area) – Unconditionally acceptable ie the risk is negligible (green area)

Risk analysis in project management

consequence probability

Project risk management

ID Risk

• Probab. Impact

Preventive/Corrective Action

R01 Schedule slippage and slow progress in general Medium High Strong project management and full commitment to the project from senior management within each partner

• rganisation Application of management

principles/tools proven in comparable projects R02 Under-estimation of the required effort Low Medium Monitor the planned versus actual effort per task. Early warning in quarterly status

• reviews. Timely team reinforcement

R03 Change of key-personnel Low High Standardising the way of working across the various teams. Definition of resources backup policy for fast compensation and substitution R04 Unstable or inconsistent requirements. Medium Medium Requirements changes impacts to be pointed out as soon as they arise. Early agreed requirements document R05 Technical difficulties in harmonisation, adaptation and integration of software components Medium Medium Early assessment of software risks. Early definition of standards, interfaces,

• conventions. Structured software

development process R06 The identified user requirements are not feasible within the scope

• f the project

Low High Manage the user requirements analysis process in order to ensure that expectations are realistic Clearly prioritise those functions that will be essential for the prototype

Risks evaluation

LOW MEDIUM HIGH HIGH MEDIUM R04 R05 R01 LOW R02 R03 R06

IMPACT P R O B A B I L I T Y

Crisis Management

• Crisis Definition
• Crisis Management Overview
• Crisis Management Process
• Risk Analysis

– Risk Analysis Case (quantitative) – Risk Aversion – Risk Analysis in Project Management (qualitative)

• Risks Analysis Modeling
• Crisis Management System

– Common situation awareness – Even Driven Architecture

Risk elements

• Event: what could happen?
• Probability: how likely is it to happen?
• Impact: how bad will it be if it happens?
• Mitigation: how to reduce the probability and by

how much?

• Contingency: how to reduce the impact and by

how much?

• Reduction = mitigation x contingency
• Exposure = risk – reduction

Types of risk analysis

• Quantitative risk analysis

– The probability of an event occurring – The likely loss should it occur.

• Probability x likely loss
• Qualitative risk analysis

– Focuses on the impact – Risk model

Qualitative risk analysis model

• Threats
• Vulnerabilities
• Controls

Qualitative risk analysis model

• Threats

– Things that can go wrong or that can 'attack' the system.

• Examples might include fire or fraud.

– Threats are ever present for every system.

Threats

• Human

– From individuals or organizations, illness, death, etc.

• Operational

– From disruption to supplies and operations, loss of access to essential assets, failures in distribution, etc.

• Reputation

– From loss of business partner or employee confidence, or damage to reputation in the market.

• Procedural

– From failures of accountability, internal systems and controls, organization, fraud, etc.

• Project

– Risks of cost over-runs, jobs taking too long, of insufficient product or service quality, etc.

• Financial

– From business failure, stock market, interest rates, unemployment, etc.

• Technical

– From advances in technology, technical failure, etc.

• Natural

– Threats from weather, natural disaster, accident, disease, etc.

• Political

– From changes in tax regimes, public opinion, government policy, foreign influence, etc.

Natural threats

• Flooding,
• Fire,
• Seismic activity,
• High winds,
• Snow and ice storms,
• Volcanic eruption,
• Tornado, hurricane,
• Epidemic,
• Tidal wave, typhoon.

Modeling And Simulation

Hurricanes

Technical threats

• Power failure/fluctuation,
• Heating,
• Ventilation or air conditioning failure, malfunction
• r failure of CPU,
• Failure of system software,
• Failure of application software,
• Telecommunications failure,
• Gas leaks,
• Communications failure,
• Nuclear fallout.

Human threats

• Robbery,
• Bomb threats,
• Embezzlement,
• Extortion,
• Burglary,
• Vandalism,
• Terrorism,
• Civil disorder,
• Chemical spill,
• Sabotage,
• Explosion,
• War,
• Biological contamination,
• Radiation contamination,
• Hazardous waste,
• Vehicle crash,
• Airport proximity,
• Work stoppage (strike)
• Computer crime.

Qualitative risk analysis model

• Vulnerabilities

– Make a system more prone to attack by a threat or make an attack more likely to have some success or impact.

• For example, for fire a vulnerability would be the

presence of inflammable materials (e.G. Paper).

• Software Complexity

Qualitative risk analysis model

• Controls

– Countermeasures for vulnerabilities. – There are four types of controls:

• Deterrent (dissuasive) controls

– Reduce the likelihood of a deliberate attack

• Preventative controls

– Protect vulnerabilities and make an attack unsuccessful or reduce its impact

• Corrective controls

– Reduce the effect of an attack

• Detective controls

– Discover attacks and trigger preventative or corrective controls.

Qualitative risk analysis model

THREAT Fire Software Error VULNERABILITY Presence of Flammable materials Complexity CONTROLS Sprinklers Extinguishers Design and development, standards, Change control.

Qualitative risk analysis model

Attack Threat creates Vulnerabilty Results in eploits Impact

Attack Threat creates Corrective Control Vulnerabilty Detective Control Deterrent control Preventative control Triggers Reduces likelihood of Results in Reduces eploits Impact Decreases discovers protects Triggers

Qualitative risk analysis model

Risk management process

Establish Context Identify Risks Analyze Risks Evaluate Risks

Opportunities & Losses

Likelihood & Severity Ranked & Prioritized Treat Risks

Crisis Management

• Crisis Definition
• Crisis Management Overview
• Crisis Management Process
• Risk Analysis

– Risk Analysis Case (quantitative) – Risk Aversion – Risk Analysis in Project Management (qualitative)

• Risks Analysis Modeling
• Crisis Management System

– Common situation awareness – Even Driven Architecture

Crisis management system

Incident management system

• Provide the pertinent, accurate information you need to make critical

decisions.

• Deploy personnel, equipment, communication, facilities and

procedures effectively and efficiently.

• Give access to information to plan, direct, coordinate and control

resources.

• Foster collaboration and coordination with other command control

systems.

• Deliver secure, dependable systems on time and within budget.

Incident management system

Emergency response organization

Strategic Big Picture Operational Tactical First Responder

Risk Assessment Planning tools Environment (Urban area, weather) emergency centers (Operative Level)

Higher level Response (Strategic level)

Low response Cell (Tactical Level) Simulation Framework Critical Assets M&S System Management First Responders Units Resource Mgt (logistic, …)

Emergency system architecture

Crisis management schedule

The incident Crisis Management Real Time On line Preparation Non real time Off line incident response phase

Crisis management system functions

• Command and control

– To provide the functions necessary to put multiple response and recovery plans into action

• Communication and intelligence

– To effectively receive and transmit information

• Coordination and documentation

– To organize all of the steps taken to respond to an event and create a record of those actions to protect employees, infrastructure and shareholder value

• Automated checklists

– To ensure that response and recovery is complete for major functions

• Alert notifications

– To sort and distribute messages so managers/commanders can track and log multiple and varied notifications

• Media management

– To inform the media about the progress the company is making toward normal

• perations

Emergency system architecture

Emergency system architecture

Crisis Management

• Crisis Definition
• Crisis Management Overview
• Crisis Management Process
• Risk Analysis

– Risk Analysis Case (quantitative) – Risk Aversion – Risk Analysis in Project Management (qualitative)

• Risks Analysis Modeling
• Crisis Management System

– Common situation awareness – Even Driven Architecture

Distributed crisis management system

• All participants have to share information, make decisions and

deploy resources without being physically present in the same place.

• Using web-enabled software allows participants to work from their

normal workstation, from home or from the field.

• Emergency plans and reports are available from any location.
• All information can be maintained in a central database that is

available to participants from anywhere in the world.

Geographical information system

geo-referenced information: information that is associated with a physical location

Common situation awareness

• Annotations and markups
• Data sharing and synchronization
• Chat
• Data acquisition
• Geospatial collaboration
• Asset tracking: blue force tracking, location-based

services

• Decentralized data editing
• Fusion of geospatial data
• Neutral and trusted workspace
• Sensor integration
• Reporting
• Web-based services

Web services based distributed emergency system architecture

Components Services Services Orchestration Emergency Work Flow Middleware

Transform Use Expose

Crisis Management

• Crisis Definition
• Crisis Management Overview
• Crisis Management Process
• Risk Analysis

– Risk Analysis Case (quantitative) – Risk Aversion – Risk Analysis in Project Management (qualitative)

• Risks Analysis Modeling
• Crisis Management System

– Common situation awareness – Even Driven Architecture

Events Driven Architecture

• Ontology
• Complex Event Processing
• Bayesian Networks

Protege

Complex Event Processing (CEP)

• It is an event processing concept that

deals with the task of processing multiple events with the goal of identifying the meaningful events within the event cloud.

CEP classical example

• A church bells ringing,
• The appearance of a man in a tuxedo with

a woman in a flowing white gown,

• Rice flying through the air.
• A complex event is what one infers from

the simple events:

– a wedding is happening.

Complex Event Inference

? ? ? ?

Threat Process Inference

? ? ? ?

CEP techniques

• Complex patterns events,
• Multiple events correlation,
• Multiple events hierarchies,
• Relationships between events:

– timing – causality, – membership, – event-driven processes.

Bayesian Networks

Bayes theorem models a learning process

A B C

P(A,B,C) = P(C/A)P(A)

A B C

P(A,B,C) = P(C/A,B)P(A)P(B)

A B C

P(A,B,C) = P(C/A,B)P(A/B)P(B)

Event B is independent of events A and C, Event C depends on event A. Event B is independent of events A and C. Event C depends on events A and B. Event B is independent of events A, C. Event B influences both A and C. Event A depends on event B. Event C depends on events A and B.

BN classical example

• What is the probability

that it is raining, given the grass is wet?

Wet grass Raining

BN classical example

• Suppose that there

are two events which could cause grass to be wet either:

– the sprinkler is on – or it's raining.

BN, Nodes, CPT

CPT : Conditional Probability Table

Bayesian Networks

• A Bayesian network is a graph in which

nodes represent random variables, and the links the influences between variables. The graph is acyclique.

• Links represent causal relationship

between variables which are either determinists, or probability.

Bayesian Inference

• P(Bad Battery | Has Gas, Won’t Start)

Battery Start Gas

Not Only Probability

A B

~a b

C ~a~b ~ab ab ~a~b

Bayesian subjectivity

• Bayesians networks allow to merge in a

theoretical frame:

– probability stemming from a statistical experience feedback, – and subjective probability.

• Thus In the absence of experience

feedback data, it is possible to used values of subjective probability, estimated by experts.

Norsys NETICA

A simple example belief network for diagnosing why a car won't start, based on spark plugs, headlights, main fuse, etc.

Car Case

Bayesians Net Propagation

• The most important use of Bayesiens

networks is the revision of the probability in the light of the observation

• f events.
• Taking in account events observations by

putting corresponding event probability to 1 and to update all other probability in the bayesien network is called Propagation.

Conclusion

Thank you for your attention

Questions are welcome Contacts : Emmanuel.Fuchs@thalesraytheon-fr.Com Slides available at www.elfuchs.fr