Claudio Telmon

Learn More
We outline a framework for the risk assessment of information in-frastructures that generalizes the notion of dependency with respect to attributes such as confidentiality, integrity or availability. Dependencies are used to model an infrastructure at distinct abstraction levels and to discover attack strategies as well as risk mitigation plans. A plan is(More)
This paper discusses risk modeling and risk management in information and communications technology (ICT) systems for which the attack impact distribution is heavy tailed (e.g., power law distribution) and the average risk is unbounded. Systems with these properties include billing infrastructures used to charge customers for services they access. Attacks(More)
Risk management is a process that includes several steps, from vulnerability analysis to the formulation of a risk mitigation plan that selects countermeasures to be adopted. With reference to an information infrastructure, we present a risk management strategy that considers a sequence of hierarchical models, each describing dependencies among(More)
  • 1