🇺🇸Cybersecurity Risk Assessment with Bayesian Networks

Presented at the 9th Annual BayesiaLab Conference on October 14, 2021.

Abstract

Risk assessment is challenging when data is unavailable, hard to obtain, or costly to process. Organizations often request estimates from experts instead. This talk demonstrates how to integrate cybersecurity data with expert estimates using Bayesian Networks. Cybersecurity analysts, resource managers, and executives can use Bayesian Network models to perform risk assessments, select security controls, and prioritize which suspicious events to investigate first. System administrators can configure autonomous sources of data including vulnerability scanners and cybersecurity event monitoring systems to automatically update these hybrid network models alongside inputs from risk analysts and executives.

Presentation Video

Presentation Materials

About the Presenter

Corey Neskey Vice President, Quantitative Risk Hive Systems corey.neskey@hivesystems.io

Corey has been providing analyses, architecting secure environments, and leading security program implementations in IT security and risk since 2011. His career started with informing executive decision-making using algebraic data analyses for explanation, simulation, and attribution (i.e., intelligence analysis, forensics, SOC, CIRT), and optimization. His toolset expanded to more descriptive and predictive methods (i.e., machine learning/AI for risk assessment, vulnerability prioritization, event correlation). He is now developing skills for integrating these analytical areas and expanding beyond algebraic methods and static probability calculus to using Bayesian network models.