Secure Multiparty Computation for Cooperative Cyber Risk Assessment
MASSACHUSETTS INST OF TECH LEXINGTON LEXINGTON United States
Pagination or Media Count:
A common problem organizations face is determining which security updates to perform and patches to apply to minimize the risk of potential vulnerabilities in their infrastructure. Limited budgets and resources constrain organizations to select a set of the most security critical updates that they can afford to perform thus, it is very important for vulnerability risks to be computed accurately. The accuracy of these risk assessments improves with the scope of data available the more attacks that are represented in the dataset the easier it will be to determine which vulnerabilities are most likely to be exploited and how much damage an exploit is likely to cause. In particular, organizations can improve the accuracy of their cyber risk assessments by pooling their data, as a dataset that covers the infrastructure of multiple institutions would allow each of them to account for attacks that others had experienced. Sharing information to produce a broad dataset would greatly improve the ability of each organization involved to make value assignments, but is impractical due to the sensitive nature of the data involved. Organizations are understandably unwilling to publicly reveal information pertaining to current vulnerabilities or past attacks as it could be damaging to both their security and reputation. These privacy concerns may prevent organizations from sharing their datasets to obtain a more accurate risk assessment.
- Computer Systems Management and Standards
- Numerical Mathematics