Prologue
Reviews
Preface
Acknowledgments and Dedication
About the Author

1 Metrics, Statistical Quality Control, and Basic Reliability in Cyber-Risk
1.1 Deterministic and Stochastic Cyber-Risk Metrics
1.2 Statistical Risk Analysis
1.2.1 Introduction to Statistical Hypotheses
1.2.6 Applications to One-Tailed Tests Associated with Both Type I and Type II Errors
1.2.7 Applications to Two-Tailed Tests (Normal Distribution Assumption)
1.3 Acceptance Sampling in Quality Control
1.3.2 Definition of an Acceptance Sampling Plan
1.4 Poisson and Normal Approximation to Binomial in Quality Control
1.4.1 Approximations to Binomial Distribution
1.4.2 Approximation of Binomial to Poisson Distribution
1.4.3 Approximation to Normal Distribution
1.4.4 Comparisons of Normal and Poisson Approximations to the Binomial
1.5 Basic Statistical Reliability Concepts and MC Simulators
1.5.1 Fundamental Equations for Reliability, Hazard, and Statistical Notions
1.5.2 Fundamentals for Reliability Block Diagramming and Redundancy
1.5.3 Solving Basic Reliability Questions by Using Student-Friendly Pedagogical Examples
1.5.4 MC Simulators for Commonly Used Distributions in Reliability
1.6 Discussions and Conclusion

2 Complex Network Reliability Evaluation and Estimation in Cyber-Risk
2.2 Overlap Technique to Calculate Complex Network Reliability
2.2.1 Network State Enumeration and Example 1
2.2.2 Generating Minimal Paths and Example 2
2.2.3 Overlap Method Algorithmic Rules and Example 3
2.3 The Overlap Method: Monte Carlo and Discrete Event Simulation
2.4 Multistate System Reliability Evaluation
2.4.1 Simple Series System with Single Derated States
2.4.2 Active Parallel System
2.4.3 Simple Series-Parallel System
2.4.4 A Simple Series-Parallel System with Multistate Components
2.4.5 A Combined System: Power Plant Example
2.4.6 Large Network Examples Using Multistate Overlap Technique
2.5 Weibull Time Distributed Reliability Evaluation
2.5.1 Motivation behind Weibull Probability Modeling
2.5.2 Weibull Parameter Estimation Methodology
2.5.3 Overlap Algorithm Applied to Weibull Distributed Components
2.5.4 Estimating Weibull Parameters
2.5.5 Fifty-Two-Node Weibull Example for Estimating Weibull Parameters
2.5.6 A Weibull Network Example from an Oil Rig System
2.6 Discussions and Conclusion
Appendix 2.A Overlap Algorithm and Example

3 Stopping Rules for Reliability and Security Tests in Cyber-Risk
3.2.2 Compound Poisson Model
3.3 Examples Merging Both Stopping Rules: LGM and CPM
3.3.1 The DR5 Data Set Example
3.3.2 The DR4 Data Set Example
3.3.3 The Supercomputing CLOUD Historical Failure Data: Case Study
3.3.4 Appendix for Section 3.3
3.4 Stopping Rule for Testing in the Time Domain
3.4.1 Review of Compound Poisson Process and Stopping Rule
3.4.2 Empirical Bayes Analysis for the Poisson^Geometric Stopping Rule
3.4.3 Howden's Model for Stopping Rule
3.4.4 Computational Example for Stopping-Rule Algorithm in Time Domain
3.5 Discussions and Conclusion

4 Security Assessment and Management in Cyber-Risk
4.1.1 What Other Scoring Methods Are Available?
4.2 Security Meter (SM) Model Design
4.3 Verification of the Probabilistic Security Meter (SM) Method by Monte Carlo Simulation and Math-Statistical Triple-Product Rule
4.3.1 The Triple-Product Rule of Uniforms
4.3.2 Data Analysis on the Total Residual Risk of the Security Meter Design
4.3.3 Triple-Product Rule Discussions
4.4 Modifying the SM Quantitative Model for Categorical, Hybrid, and Nondisjoint Data
4.5 Maintenance Priority Determination for 3 x 3 x 2 SM
4.6 Privacy Meter (PM): How to Quantify Privacy Breach
4.6.2 Privacy Risk-Meter Assessment and Management Examples
4.7 Polish Decoding (Decompression) Algorithm
4.8 Discussions and Conclusion

5 Game-Theoretic Computing in Cyber-Risk
5.1 Historical Perspective to Game Theory's Origins
5.2 Applications of Game Theory to Cyber-Security Risk
5.3 Intuitive Background: Concepts, Definitions, and Nomenclature
5.3.1 A Price War Example
5.4 Random Selection for Nash Mixed Strategy
5.4.1 Random Probabilistic Selection
5.4.2 Does Nash Equilibrium (NE) Exist for the Company A/B Problem in Table 5.1?
5.4.3 An Example: Matching Pennies
5.4.4 Another Game: The Prisoner's Dilemma
5.4.5 Games with Multiple NE (Terrorist Game: Bold Strategy Result in Domination)
5.5 Adversarial Risk Analysis Models by Banks, Rios, and Rios
5.6 An Alternative Model: Sahinoglu's Security Meter for Neumann and Nash Mixed Strategy
5.7 Other Interdisciplinary Applications of Risk Meters
5.8 Mixed Strategy for Risk Assessment and Management-University Server and Social Network Examples
5.8.1 University Server's Security Risk-Meter Example
5.8.2 Social Networks' Privacy and Security Risk-Meter (RM) Example
5.8.3 Clarification of Risk Assessment and Management Algorithm for Social Networks
5.9 Application to Hospital Healthcare Service Risk
5.10 Application to Environmetrics and Ecology Risk
5.11 Application to Digital Forensics Security Risk
5.12 Application to Business Contracting Risk
5.13 Application to National Cybersecurity Risk
5.14 Application to Airport Service Quality Risk
5.15 Application to Offshore Oil-Drilling Spill and Security Risk
5.16 Discussions and Conclusion

6 Modeling and Simulation in Cyber-Risk
6.1 Introduction and a Brief History to Simulation
6.2 Generic Theory: Case Studies on Goodness of Fit for Uniform Numbers
6.3 Why Crucial to Manufacturing and Cyber Defense
6.4 A Cross Section of Modeling and Simulation in Manufacturing Industry
6.4.1 Modeling and Simulation of Multistate Production Units and Systems in Manufacturing
6.4.2 Two-State SL Probability Model of Units with Closed-Form Solution
6.4.3 Extended Three-State SL Probability Model of UP-DOWN-DERATED Units with MC Simulation
6.4.4 Statistical Simulation of Three-State Units to Estimate the Density of UP-DOWN-DER
6.4.5 How to Generate Random Numbers from SL pdf to Simulate Component and System Behavior
6.4.6 Example of SL Simulation for Modeling Network of 2-in-Simple-Series Two-State (UP-DN) Units
6.4.7 Example of SL Simulation for Modeling a Network of 7-in-Complex-Topology Two-State (UP-DN) Units
6.5 A Review of Modeling and Simulation in Cyber-Security
6.5.1 MC Value-at-Risk Approach by Kim et al. in CLOUD Computing
6.5.2 MC and DES in Security Meter (SM) Risk Model
6.6 Application of Queuing Theory and Multichannel Simulation to Cyber-Security
6.6.1 Example 1: One Recovery-Crew Case for Cyber-Security Queuing Simulation
6.6.2 Example 2: Two Recovery-Crew Case for Cyber-Security Queuing Simulation
6.7 Discussions and Conclusion

7 CLOUD Computing in Cyber-Risk
7.1 Introduction and Motivation
7.2 CLOUD Computing Risk Assessment
7.3 Motivation and Methodology
7.3.1 History of Theoretical Developments on CLOUD Modeling
7.3.4 Frequency and Duration Method for the Loss of Load or Service
7.3.5 NBD as a Compound Poisson Model
7.3.6 NBD for the Loss of Load or Loss of CLOUD Service Expected
7.4 Various Applications to Cyber Systems
7.4.1 Small Sample Experimental Systems
7.4.2 Large Cyber Systems
7.5 Large Cyber Systems Using Statistical Methods
7.6 Repair Crew and Product Reserve Planning to Manage Risk Cost Effectively Using Cyberrisksolver CLOUD Management Java Tool
7.6.1 CLOUD Resource Management Planning for Employment of Repair Crews
7.6.2 CLOUD Resource Management Planning by Production Deployment
7.7 Remarks for "Physical CLOUD" Employing Physical Products (Servers, Generators, Communication Towers, Etc.)
7.8 Applications to "Social (Human Resources) CLOUD"
7.8.1 Numerical Example for Social CLOUD (200 Employees Performing)
7.8.2 Input Wizard Example for Social CLOUD (200 Employees Performing)
7.9 Stochastic CLOUD System Simulation
7.9.1 Introduction and Methodology
7.9.2 Numerical Applications for SS to Verify Non-SS
7.9.3 Details of Probability Distributions Used in Stochastic Simulation
7.9.4 Varying Product Repair and Failure Date with Empirical Bayesian Posterior Gamma Approach
7.9.5 Varying Link Repair and Failure Using Gamma Distribution
7.9.6 SS Applied to a Power or Cyber Grid
7.9.7 Error Checking or Flagging
7.10 CLOUD Risk Meter Analysis
7.10.1 Risk Assessment and Management Clarifications for Figures 7.72 and 7.73
7.11 Discussions and Conclusion

8 Software Reliability Modeling and Metrics in Cyber-Risk
8.1 Introduction, Motivation, and Methodology
8.2 History and Classification of Software Reliability Models
8.2.1 Time-between-Failures Models
8.2.2 Failure-Counting Models
8.2.4 Static (Nondynamic) Models
8.3 Software Reliability Models in Time Domain
8.4 Software Reliability Growth Models
8.4.1 Negative Exponential Class of Failure Times
8.4.2 J-M De-eutrophication Model (Binomial Type)
8.4.3 Moranda's Geometric Model (Poisson Type)
8.4.4 Goel-Okumoto Nonhomogeneous Poisson Process (Poisson Type)
8.4.5 Musa's Basic Execution Time Model (Poisson Type)
8.4.6 Musa-Okumoto Logarithmic Poisson Execution Time Model (Poisson Type)
8.4.8 Sahinoglu's Compound Poisson^Geometric and Poisson^Logarithmic Series Models
8.4.9 Gamma, Weibull, and Other Classes of Failure Times
8.4.10 Duane Model (Poisson Type)
8.5 Numerical Examples Using Pedagogues
8.6 Recent Trends in Software Reliability
8.7 Discussions and Conclusion

9 Metrics for Software Reliability Failure-Count Models in Cyber-Risk
9.1 Introduction and Methodology on Failure-Count Estimation in Software Reliability
9.1.1 Statistical Estimation Models, Computational Formulas, and Examples
9.1.2 Interpretations of Numerical Examples and Discussions
9.2 Predictive Accuracy to Compare Failure-Count Models
9.2.1 Classical Distribution Approach
9.2.2 Prior Distribution Approach
9.2.3 Applications to Data Sets and Comparisons
9.3 Discussions and Conclusion

10 Practical Hands-On Lab Topics in Cyber-Risk
10.1.4 Firewalls, Routers, and Switches
10.2.1 Identifying Fake Emails
10.4.2 Understanding Logs
10.5.1 Traditional Firewalls
10.5.3 Host-Based Firewalls
10.7 Discussions and Conclusion
10.8.7 Comprehensive Exercises
10.8.8 Cryptology Projects

What the Cyber-Risk Informatics Textbook and the Author are About?
Index