The Graded Security Model (GSM) addresses the IT security cost optimization problem by trying to find an answer to the following question: “For a certain budget level, in which IT security measures should be invested to achieve the highest possible overall security level?” This paper describes how reliability engineering can be applied to solve the GSM optimization problem. The organization’s IT security measures are represented in a reliability block diagram, which in turn can be translated to an undirected graph. The total reliability of the diagram can be calculated after the identification of Minimal Cut Sets (MCSs). Cellular Automata (CA) are combined with Monte Carlo (MC) sampling to allow the identification of all MCSs. This approach allows the replacement of every possible user-provided diagram by a series structure of parallel components, for which the total reliability can always be calculated. Additionally, this new model allows the calculation of cut set criticalities and component Fussell-Vesely (FV) importance values. All implementations have been realized with the Artificial Intelligence (AI) platform CoCoViLa.
Published in: 12th Symposium on Programming Languages and Software Tools, SPLST’11 : Tallinn, Estonia, 5-7 October 2011, Proceedings.
Alberghs, G.; Grigorenko, P.; Kivimaa, J. (2011). Quantitative system reliability approach for optimizing IT security costs in an AI environment. In: 12th Symposium on Programming Languages and Software Tools, SPLST’11 : Tallinn, Estonia, 5-7 October 2011, Proceedings: (Eds.) Penjam, Jaan. Tallinn: TUT Press, 2011, 219 – 230.
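The pipeline the abstract describes (diagram as undirected graph, MCS identification, series structure of parallel blocks, cut set criticality and FV importance) is sketched below as an added example; it is not the paper's or CoCoViLa's code. It assumes exhaustive enumeration in place of the paper's CA and MC sampling, the standard textbook definitions of criticality and FV importance, and a constructed diagram with constructed component names and reliabilities.

```python
from itertools import combinations
from math import prod

# Constructed sample diagram: components are nodes between source "S" and sink "T".
EDGES = [("S", "fw"), ("S", "ids"), ("fw", "av"), ("ids", "av"),
         ("av", "T"), ("ids", "log"), ("log", "T")]
RELIABILITY = {"fw": 0.9, "ids": 0.8, "av": 0.9, "log": 0.7}  # constructed values

def connected(edges, failed):
    """True if S still reaches T once the components in `failed` are removed."""
    adj = {}
    for a, b in edges:
        if a in failed or b in failed:
            continue
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    seen, stack = {"S"}, ["S"]
    while stack:
        for nxt in adj.get(stack.pop(), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return "T" in seen

def minimal_cut_sets(edges, components):
    """Exhaustive search by increasing size (assumption: stands in for CA + MC)."""
    found = []
    for size in range(1, len(components) + 1):
        for combo in combinations(sorted(components), size):
            cut = frozenset(combo)
            if any(m <= cut for m in found):
                continue  # superset of a known cut, so not minimal
            if not connected(edges, cut):
                found.append(cut)
    return found

def analyse(edges, rel):
    """Return (MCSs, series-of-parallel reliability, cut criticality, FV importance)."""
    mcs = minimal_cut_sets(edges, rel)
    # One parallel block per MCS: the block fails only if all its components fail.
    cut_prob = {c: prod(1 - rel[i] for i in c) for c in mcs}
    # Blocks in series; an approximation when a component recurs in several MCSs.
    r_sys = prod(1 - p for p in cut_prob.values())
    q_sys = 1 - r_sys
    criticality = {c: p / q_sys for c, p in cut_prob.items()}
    fv = {i: sum(p for c, p in cut_prob.items() if i in c) / q_sys for i in rel}
    return mcs, r_sys, criticality, fv
```

Ranking components by the returned FV values shows which security measure contributes most to system failure, which is the input a budget allocation would need.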