VULNERABILITY THREAT EXPLOIT Reduce or eliminate the likelihood of the event happening. CONDITION POTENTIAL (passive element) EVENT CONSEQUENCE (loss) Reduce or eliminate the likelihood of the event happening. COUNTERMEASURE

Database System Concepts
7th Edition
ISBN:9780078022159
Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Chapter1: Introduction
Section: Chapter Questions
Problem 1PE
icon
Related questions
Question

DONT USE AI AT ALL

D)

After some time, the research discovered a new countermeasure technique to protect the ADS-B system. You know that this new technique, in a thousand events, can stop the attack in 80 cases. Also, you know that the new engine follows a negative binomial distribution and does not change on time. What is the probability of stopping the attack after three thousand events?

 provide the answer and the calculations.

 use the Equation Editor from Word, Office, etc.

IN ORDER TO ANSWER THIS QUESTION  please see the scnario in below:

 several security issues in the new generation of surveillance systems applied to global aviation—the Automatic Dependent Surveillance-Broadcast (ADS-B) system. It mainly involves extracting and processing the aviation aircraft's position information and other additional information to form a clear and intuitive background map and trajectory.
However, ADS-B broadcasts information via open and unencrypted protocols, making it vulnerable to deliberate intrusions and attacks, which poses a significant security risk.  each threat and provides solutions to mitigate the risk of the threat being a successful exploit.
Your task is to determine the overall risk to the system that is compromised if a vulnerability/weakness is successfully exploited by a threat source, given a specific condition. You can also apply a countermeasure (mitigation) that reduces or eliminates the condition (presence of vulnerability and the threat) or the event (exploitation). The following figure shows the basic idea of the process.


Figure 1 - Risk Assessment Process. please see the attached picture

Ultimately, the goal is to measure the probability of the system being compromised, considering the exploitation of a vulnerability/weakness and the presence of any countermeasure for the specific group of threats. You must find at least one exploitation to determine if the system is compromised.
While analyzing the dataset, we found that confidentiality threats impact around 30% of the system's compromise, integrity threats impact 40%, and availability threats 70%. It is important to cite that each group of threats is mutually independent, given the system's condition is compromised.
To determine the feasibility of the exploitation, we must consider two factors: harmful and difficult. Confidential and integrity threats are present 23% of the time when both factors are low. The other situation turns them 80% (confidential) and 60% (integrity). The situation changes when we have availability threats; the feasibility of exploitation for low factors is 10%, high factors are 97%, and the other combination is around 65%.
The presence of any mitigation strategy in the confidential threat group disables the threat and its exploitation in 35% of the cases. In the integrity threat groups, it is 45%, and in the availability groups, it is 85%.

Again no AI at all

 
 
VULNERABILITY
THREAT
EXPLOIT
Reduce or eliminate the
likelihood of the event
happening.
CONDITION
POTENTIAL
(passive
element)
EVENT
CONSEQUENCE
(loss)
Reduce or eliminate the
likelihood of the event
happening.
COUNTERMEASURE
Transcribed Image Text:VULNERABILITY THREAT EXPLOIT Reduce or eliminate the likelihood of the event happening. CONDITION POTENTIAL (passive element) EVENT CONSEQUENCE (loss) Reduce or eliminate the likelihood of the event happening. COUNTERMEASURE
Expert Solution
steps

Step by step

Solved in 2 steps

Blurred answer
Similar questions
  • SEE MORE QUESTIONS
Recommended textbooks for you
Database System Concepts
Database System Concepts
Computer Science
ISBN:
9780078022159
Author:
Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:
McGraw-Hill Education
Starting Out with Python (4th Edition)
Starting Out with Python (4th Edition)
Computer Science
ISBN:
9780134444321
Author:
Tony Gaddis
Publisher:
PEARSON
Digital Fundamentals (11th Edition)
Digital Fundamentals (11th Edition)
Computer Science
ISBN:
9780132737968
Author:
Thomas L. Floyd
Publisher:
PEARSON
C How to Program (8th Edition)
C How to Program (8th Edition)
Computer Science
ISBN:
9780133976892
Author:
Paul J. Deitel, Harvey Deitel
Publisher:
PEARSON
Database Systems: Design, Implementation, & Manag…
Database Systems: Design, Implementation, & Manag…
Computer Science
ISBN:
9781337627900
Author:
Carlos Coronel, Steven Morris
Publisher:
Cengage Learning
Programmable Logic Controllers
Programmable Logic Controllers
Computer Science
ISBN:
9780073373843
Author:
Frank D. Petruzella
Publisher:
McGraw-Hill Education