Cyber Risk Scoring and Mitigation for Resilient Cyber Infrastructure

Security metrics play a key role in supporting cyber risk management and mitigation decisions for critical infrastructures. The availability of quantitative insights ensures operational resilience and assists in the development of cost-effective mitigation plans. The resilient operation of critical infrastructures will depend on tools that can aid in continuous cyber resilience assessment. In this talk, I will present theoretical techniques and tools for security risk scoring and prioritized cyber defense remediation planning for effective cyber risk management. I will present cyber risk scoring techniques based on attack and vulnerability graph modeling and cyber defense remediation techniques based on optimal resource allocation modeling. I will also present the Cyber Risk Scoring and Mitigation (CRISM) tool, which provides cyber risk scores and a prioritized mitigation plan based on vulnerability detection, attack graph modeling, and risk assessment. A demonstration of the CRISM tool will conclude the talk.