VULNERABILITY THREAT EXPLOIT Reduce or eliminate the likelihood of the event happening. CONDITION POTENTIAL (passive element) EVENT CONSEQUENCE (loss) Reduce or eliminate the likelihood of the event happening. COUNTERMEASURE
DONT USE
D)
After some time, the research discovered a new countermeasure technique to protect the ADS-B system. You know that this new technique, in a thousand events, can stop the attack in 80 cases. Also, you know that the new engine follows a negative binomial distribution and does not change on time. What is the probability of stopping the attack after three thousand events?
provide the answer and the calculations.
use the Equation Editor from Word, Office, etc.
IN ORDER TO ANSWER THIS QUESTION please see the scnario in below:
several security issues in the new generation of surveillance systems applied to global aviation—the Automatic Dependent Surveillance-Broadcast (ADS-B) system. It mainly involves extracting and processing the aviation aircraft's position information and other additional information to form a clear and intuitive background map and trajectory.
However, ADS-B broadcasts information via open and unencrypted protocols, making it vulnerable to deliberate intrusions and attacks, which poses a significant security risk. each threat and provides solutions to mitigate the risk of the threat being a successful exploit.
Your task is to determine the overall risk to the system that is compromised if a vulnerability/weakness is successfully exploited by a threat source, given a specific condition. You can also apply a countermeasure (mitigation) that reduces or eliminates the condition (presence of vulnerability and the threat) or the event (exploitation). The following figure shows the basic idea of the process.
Figure 1 - Risk Assessment Process. please see the attached picture
Ultimately, the goal is to measure the probability of the system being compromised, considering the exploitation of a vulnerability/weakness and the presence of any countermeasure for the specific group of threats. You must find at least one exploitation to determine if the system is compromised.
While analyzing the dataset, we found that confidentiality threats impact around 30% of the system's compromise, integrity threats impact 40%, and availability threats 70%. It is important to cite that each group of threats is mutually independent, given the system's condition is compromised.
To determine the feasibility of the exploitation, we must consider two factors: harmful and difficult. Confidential and integrity threats are present 23% of the time when both factors are low. The other situation turns them 80% (confidential) and 60% (integrity). The situation changes when we have availability threats; the feasibility of exploitation for low factors is 10%, high factors are 97%, and the other combination is around 65%.
The presence of any mitigation strategy in the confidential threat group disables the threat and its exploitation in 35% of the cases. In the integrity threat groups, it is 45%, and in the availability groups, it is 85%.
Again no AI at all
Step by step
Solved in 2 steps