|Proposal Title:||Quantitative Risk Management using Bayesian Networks|
|Topic Title:||Mapping of Long-term Threats, Vulnerabilities, and Impacts|
|Organization:||Open Research Inc|
|Address:||9 Green Tree CT.
Bethesda, MD 20817-1440
|Abstract:||Since 9-11, the U.S. has been more vulnerable to diffuse threats. In response to the growing threat of terrorism's attack on CI/KR and all kinds of natural and/or manmade disasters, the U.S. government must adopt more effective risk management to remediate risks and mitigate the consequence of risks. A risk is defined as a function of the likelihood of a given threat exploiting a particular vulnerability and the resulting adverse impact on assets and individuals. We propose a graph-model-based approach to explore probabilistic relationship among threats, vulnerabilities, impacts, and countermeasures. Graphical model is not only used as a visualization tool but also as causal-reasoning and decision-making assistant to rationalize and justify risk-based decision. The graph model can be constructed systematically and incrementally by accommodating experts' knowledge and the knowledge learnt from intelligence sources. Once the model is established, we can perform probabilistic inference from which risk-based decisions can be made quantitatively. This proposal extends our previous work on proactively preventing network attack and uses ORI's patent-pending techniques to automate data collection from massive and dynamic intelligence sources.|
|Period of Performance:||07/30/2008 - 02/13/2009|