Cyber Security Game: A Model-based Game Theoretic Approach for Mitigating Cybersecurity Risk

This webinar describes the Cyber Security Game (CSG). CSG is a method that has been implemented in software that quantitatively identifies cyber security risks and uses this metric to determine the optimal employment of security methods for any given investment level. Cyber Security Game maximizes a system’s ability to operate in today’s contested cyber environment by minimizing its mission risk. The risk score is calculated by using a mission impact model to compute the consequences of cyber incidents and combining that with the likelihood that attacks will succeed. The likelihood of attacks succeeding is computed by applying a threat model to a system topology model and defender model. CSG takes into account the widespread interconnectedness of cyber systems, where defenders must defend all multi-step attack paths and an attacker only needs one to succeed. It employs a game theoretic solution using a game formulation that identifies defense strategies to minimize the maximum cyber risk (MiniMax). This webinar discusses the methods and models that compose Cyber Security Game. A limited example of a Point of Sale system is used to provide specific demonstrations of CSG models and analyses.