Claudio Telmon

  • Citations Per Year
Learn More
Risk management is a process that includes several steps, from vulnerability analysis to the formulation of a risk mitigation plan that selects countermeasures to be adopted. With reference to an information infrastructure, we present a risk management strategy that considers a sequence of hierarchical models, each describing dependencies among(More)
We outline a framework for the risk assessment of information infrastructures that generalizes the notion of dependency with respect to attributes such as confidentiality, integrity or availability. Dependencies are used to model an infrastructure at distinct abstraction levels and to discover attack strategies as well as risk mitigation plans. A plan is(More)
The most critical steps in the risk assessment of a system are the discovery of attacks against the system as well as the computation of the probabilities that attacks are successful and their impacts. We present a framework to support these steps driven by a detailed simulation of the attacks implemented by intelligent threat agents. The framework can(More)
This paper discusses risk modeling and risk management in information and communications technology (ICT) systems for which the attack impact distribution is heavy tailed (e.g., power law distribution) and the average risk is unbounded. Systems with these properties include billing infrastructures used to charge customers for services they access. Attacks(More)
  • 1