🇺🇸Cybersecurity Risk Assessment with Bayesian Networks

Presented at the 8th Annual BayesiaLab Conference on October 29, 2020.

Abstract

Risk assessment is challenging when data is unavailable, hard to obtain, or costly to process. Organizations often request estimates from experts instead. I present an implementation of the Modified Beta PERT distribution within a Bayesian network that facilitates such expert knowledge elicitation and can be used as part of more sophisticated Bayesian networks that also incorporate real and estimated datasets.

Presentation Video

Presentation Slides

About the Presenter

Corey Neskey has been providing analyses, architecting secure environments, and leading security program implementations in IT security and risk since 2011. His career started with informing executive decision-making using algebraic data analyses for explanation, simulation, and attribution (i.e., intelligence analysis, forensics, SOC, CIRT), and optimization. His toolset expanded to more descriptive and predictive methods (i.e., machine learning/AI for risk assessment, vulnerability prioritization, and event correlation). He is now developing skills for integrating these analytical areas and expanding beyond algebraic methods and static probability calculus to using Bayesian network models.