Abstract:
As the world becomes more globalized and digitized, Information and Communication Technology (ICT) security within enterprises is gaining increasing importance. Security evaluation of ICT systems has always been a challenging process, especially since the cyber threat landscape is always changing and is filled with uncertainty. In this paper, we examine the use of stochastic methods for assessing ICT security by providing a probabilistic approach to estimate uncertainties associated with threats, system weaknesses, and mitigation methods. Using Markov chains, Monte Carlo methods, Bayesian networks, and stochastic game theory allows organizations to model more intricate attack scenarios and estimate breach probabilities accurately. These approaches give analysts the ability to evaluate risk quantitatively, enabling them to prioritize and take corrective measures and to make decisions under uncertain conditions. The paper also discusses case studies and their implementations, emphasizing the role of stochastic modeling in formulating adaptive, resilient security policy. Stochastic techniques offer great flexibility when coping with rapid and arbitrary changes to the work environment, so ICT security becomes easier to manage with the addition of stochastic models and other unconventional approaches.