What is the basic formula for risk analysis?

Monte carlo simulation

The Monte Carlo simulation is a method that allows you to obtain results when modeling the problem mathematically and/or finding that an analytical solution is too complex. Many software tools are available to assist in helping build Monte Carlo simulations, such as the TIRM pilot software tool presented in Chapter 12.

The Monte Carlo simulation uses algorithms that can be run on any computer that creates a large amount of random numbers of a chosen distribution. First, the elements that should be represented and appropriate distributions are chosen for the simulation. Then, mathematical calculations are defined that should be executed on these elements and the number N of simulation runs has to be determined. The simulation generates N random numbers that follow the defined distribution for each of the elements and executes the calculations N times. The average, variance, and confidence intervals can be then calculated to summarize the results of these calculations.

The model, as presented in Chapter 5, is used to make the risk calculations for TIRM process step B9. The Monte Carlo simulation allows the collection of quantitative inputs for TIRM process steps B1 to B7 in the form of a probability distribution, instead of using exact values, which are often difficult to get. It makes it easier for experts to provide these quantitative inputs. For each input a statistical distribution is chosen. Commonly used distributions for Monte Carlo simulations are the uniform distribution, triangular distribution, and normal distribution. The uniform distribution assumes that values are equally distributed between a lower and upper boundary, which requires the expert to estimate a lower and upper boundary as the input. Additionally, the triangular distribution needs an estimate of the mode (i.e., the most likely value), therefore, values are assumed to be in the triangle between the lower and upper boundaries and the mode. The normal distribution also requires the estimation of a lower and upper value as the input, assuming that these are the points between which 95% of the values are supposed to lie and that values follow a normal distribution curve.

EXAMPLE

The business process representatives cannot give the exact value for the probability of an information quality problem in TIRM process step B3. But, they do note that the probability of the information quality problem is very likely to be between 30% and 50%. Therefore, 30% and 50% are used as the parameters for the uniform distribution. At the end, in process step B9, risk totals are calculated using the Monte Carlo simulation, which simulates the results by using these parameters as the input.

Countermeasures Determination

Appropriate countermeasure selection is a process that involves the following steps, which are from the NIST 780 American Petroleum Institute (API) risk analysis methodology. This methodology is one of the most complete and straightforward to use, and it allows for a financial and risk calculation that is most thorough as well as allowing for stakeholder input into the process1:

Define the assets to be protected and characterize the facility where they are located. Facility characterization includes a complete description of the environment, including the physical environment, security environment, and operational environment. Determine the criticality of each major asset and the consequences of the loss of the asset. Consequences can be measured in loss of life or injury, loss of monetary value, environmental damage, and loss of business or business continuity.

Perform a threat analysis. Define both the potential threat actors and the threat vectors (methods and tactics that the threat actors may use to gain entry or stage an attack). Threat actors may include terrorists, activists, and criminals. Criminals may be either economic criminals or violent criminals, such as those who cause workplace violence. Rank the threat actors’ motivation, history, and capabilities. Rank the threats by their ability to harm the assets using the previous criteria.

Review the basic vulnerabilities of all the protected assets to the types of attacks common to the declared threat actors.

Evaluate the existing and natural countermeasures that are already in place or in the existing design of the building or its site. For example, does a storm levy make vehicle entry more difficult? Is existing lighting a deterrent? The difference is the remaining vulnerabilities to protect.

Determine the likelihood of attack:

Determine the probable value of each of the assets to the probable threat actors (asset target value calculation).

Likelihood = threat ranking × asset attractiveness × remaining vulnerabilities.

Calculate the risk of attack: Risk = consequences × likelihood.

Determine additional countermeasures needed to fill the remaining gap in vulnerabilities prioritized by the risk calculation previously (Fig. 8.1).

Determine from what resources the additional countermeasures can be sourced.

In this Section

Chapter 23 develops a finite difference approach to value financial derivatives. Starting with a single-factor model, the author develops the model to a two-factor model using the alternating direction implicit scheme. Building on the tri-diagonal solver techniques introduced in Chapter 11, the author develops a PDE solver and shows how it can be applied in financial applications to accelerating pricing and risk calculations.

Chapter 24 uses a Monte Carlo simulation to model credit risk, creating a loss distribution for a large portfolio and enabling detailed analytics in the tail of the distribution. Deviating from the normal one-thread-per-scenario method for embarrassingly parallel algorithms, the authors use multiple threads cooperating on a single scenario to improve the memory characteristics. As a result the performance scales very well and large problem sizes are easily accommodated, enabling significant power and hardware cost saving.

Chapter 25 applies Monte Carlo simulation to market value-at-risk calculation and considers the application from a variety of perspectives to understand where performance can be improved. The authors evolve the application from a naïve implementation by applying algorithmic and high-level optimizations to achieve a significant speedup, thereby enabling such calculations to be performed on- demand rather than overnight.

3 Results

Although the three objective functions are evaluated, the obtained results are shown in Table 1. All Pareto fronts were obtained after 100,000 evaluations, as afterward, the vector of decision variables did not produce any meaningful improvement. Initially, note the pure distillation schemes present a difference of 32%. The high difference in TAC is high enough to select as the best option the direct sequence between both conventional alternatives. For such reason, since the direct alternative has been identified, only the schemes derived for that configuration are considered for optimization procedure. After the optimization process, some trends among objective function were observed. Note, in Figure 5, when the TAC is evaluated jointly IR, it is clear the competitive connection between both targets, as long as the TAC increase, the individual risk decreases and vice versa. Figure 5 also shows the antagonist behavior between the environmental impact and the individual risk associated with the conventional downstream process. It is possible to obtain process with low environmental impact, however, the probability of individual accident increase and vice versa.

Table 1. Objective function values

Regarding the evaluation of TAC and IR, it is pretty interesting the reason for such reduction on this incident probability. Since IR calculation considers continuous and instantaneous chemical releases, it is clear that as long as internal flows increase, IR will increase because of the quantity of inventory inside the column increase, which it will provoke that if an accident happens the affectation and duration of the events or probability of death will be greater due to there is more mass that is source to fires, explosion, and toxic releases. This is the general tendency, however, note that for IR calculations several physicochemical properties are involved, such as heat of combustion, flammability limits and so on. With this in mind, note that the feed stream to be separated is mainly composed of water, which obviously for its physicochemical properties generates a contrary behavior. In other words, the IR increases with high internal flows (caused by high reflux o high diameters), however in this case of study for almost all sequences, the first columns separate mainly water, consequently, the internal flows are enriched with water. This amount of water solubilizes the other component to separates and its flammability and toxicity decrease.

Furthermore, at second column acetoin and 2,3-BD are separated, but at this instance, the internal flows follow the common IR behavior, because the quantity of water is fewer in comparison with the first column. In this manner, the IR calculation does not generate a proportional behavior with TAC because of this associated conflict. Finally, when is observed the tendency of EI99 evaluated jointly IR in Pareto front of Figure 5, similar behavior is observed. The internal flows play an interesting role already mentioned. However, those flows must be heated. So, in almost all alternatives, the first column separates the water and implies a significant amount of steam, impacting directly on EI99 value. However, the concentration of flammable compounds decreases. On the other hand, the last column to reduce both IR and TAC values is composed mainly by small columns, which indeed needs fewer services than the first column. Table 2 shows the main parameters of the intensified scheme.

Table 2. Intensified scheme 4a) parameters

Risk at the Enterprise Level

Before you can even hope to tackle risk management at an enterprise level or integrate your security risk management program into an enterprise level view, you need to convince the organization of the value of a common risk formula.

Calculating an Exchanger’s Tube Rupture Safety Rating (SR)

In order to design a heat exchanger and incorporate an exchanger’s ability to withstand a tube rupture, a metric must be developed in terms of design parameters (pressure, temperature, volume, etc). The following safety metric is proposed:

(1)SRHE=PdesignPtmax×100

Where…

SR = Safety Rating

Pdesign = The design pressure of the shell side

P(t)max = The maximum transient shell side pressure that is experienced during a tube rupture

The benefit of the SR metric is that it relates the severity of a tube rupture (in terms of the maximum pressure reached) with the design pressure of the shell. This allows a plant to specify a tolerance/threshold that is acceptable for their facility. An SR score of 67 or above is considered to be adequate for a tube rupture. An SR score of less than 67 may mean that a heat exchanger is inadequately designed for the possibility of overpressure from a tube rupture. Table 3 is a more comprehensive reference on how to interpret an SR score.

Table 3. Interpretation Guide for Safety Rating Scores

The addition of the SR metric begs the question: why not instead calculate the risk of a tube rupture? Quantifying the risk for this scenario is a difficult task, primarily because little publicly available data exists on the probability of heat exchanger tube ruptures. This makes risk calculations highly unreliable. The SR metric does however indirectly measure the risk of a tube rupture. This is because the SR metric incorporates the transient pressure in the shell side and compares it to its design pressure (the pressure that the equipment is rated for). For a tube rupture scenario that barely exceeds the shell’s design pressure (interpreted as a high SR metric), minimal impact to the exchanger is expected. However, for a tube rupture that greatly exceeds the shell’s hydrotest pressure (interpreted as a low SR metric), a catastrophic failure may occur.

It should be noted that the SR metric resembles that of the common industry rule-of-thumb known as the “two-thirds rule”. Moreover, Table 3 lists an SR score of 67 as the cutoff point for whether or not an exchanger is able to withstand a tube rupture. The difference between the SR metric and the two-thirds rule is that the SR metric is intended to use the maximum transient shell side pressure while the two-thirds rule only compares the design pressure and hydrotest pressure of the tube and shell sides, respectively. In addition, due to the fact that the SR metric requires the maximum transient shell side pressure, it may incorporate the use of a pressure relief device to increase its score (making the process safer). Thus, for determining the safety rating of an exchanger, it is entirely possible that an exchanger with a tube side pressure of 100 bar and a shell side pressure of 10 bar have an SR score of 100. The way that an exchanger may obtain an SR of 100 can be if it has a pressure relief valve adequately sized to handle the influx of incoming tube side fluid. The exchanger may also have a larger volume, smaller tube size, and many other design variations in order to obtain an SR of 100.

It should also be noted that the two-thirds rule acts as a screening mechanism for determining whether or not an exchanger needs to have a pressure relief valve installed (Hellemans, 2009). In contrast, the SR metric functions as a safety “operating level” or specification that a plant determines it wishes to perform at.

3 Results and Discussion

The stream from the fermentation step enters the column C0 (see Figures 1 and 2) to concentrate the diluted mixture to a composition near the azeotrope composition (D0). The distillate stream is the feed to the azeotropic column C1, where the dehydration step takes place and the top product (D1), containing mostly water, is located in the immiscibility zone of the ethanol-water-n-octane system. The product is condensed and sent to a liquid-liquid separator to obtain an n-octane rich phase (ORG) that is recirculated to the azeotropic column. The aqueous phase is recycled to the column C0 because it still contains ethanol. The bottom C1 product is an n-octane-ethanol mixture that enters the column C2 to recover the entrainer and obtain the final product, an ethanol-n-octane mixture (B2). The results of the design for the columns and mass flows are presented in Tables 1 and 2.

Table 1. Design parameters of columns for the azeotropic distillation scheme

Table 2. Mass flowrates for streams

For risk calculations, five catastrophic scenarios are considered. There are two types of mass releases, instantaneous and continuous. In the case of an instantaneous release, the outcomes are boiling liquid expanding vapour explosion (BLEVE), unconfined vapour cloud explosion (UVCE), and flash fire due to instantaneous release (FFI). The other two scenarios correspond to a continuous release, jet fire and flash fire due to continuous release (FFC). The calculations were carried out considering only n-octane within the process. The estimated total distance likely to cause death (DD) was 0.1446371 m/y, which represents the total individual risk of the process considering the extractive and recovery columns. The corresponding risk of the five events can be seen in Figure 3 for columns C1 and C2.

Table 3 shows the distances of impact obtained for all events. Although BLEVE scenarios have the greatest distances, we can see in Figure 3 that flash fire due to a continuous release represents the worst-case scenario for both columns. This is because FFC has a higher probability of occurrence. The probability of occurrence for FFC is 2.48 × 10−4/y in contrast to the BLEVE probability of occurrence of 5.75 × 10−6/y, a difference of two orders of magnitude.

Table 3. Fatal distances for the different events

As mentioned above, the approach is based on a multi-criteria analysis. Therefore, Table 4 shows the cost of dehydrating the product, with a flow of 800 kmol/h and a composition of 90% mol water. The total purification cost is 0.0752 US$/kg ethanol. Carbon dioxide emissions were estimated assuming crude oil as fuel. The value reported in Table 4 shows CO2 emissions of 0.007639 Kg/s per kmol of ethanol dehydrated.

Table 4. Azeotropic distillation scheme costs for an 80 kmol/h ethanol production

In order to compare the results with the extractive distillation process to dehydrate bioethanol, we considered the works reported by Avilés-Martinez et al. (2012) and Medina-Herrera et al. (2014), in which extractive distillation was used to obtain anhydrous bioethanol. Using the same ethanol production rate as in this work, Medina-Herrera et al. (2014) minimized the total individual risk in the extractive column and in the ethylene-glycol recovery column, and reported a distance likely to cause death of 0.2052 m/y, which is higher than the result obtained here of 0.1446 m/y. In the work by Avilés-Martinez et al. (2012), glycerol was considered as entrainer. Based on the design parameters reported in their work, we simulated their extractive distillation process for the diluted water-ethanol mixture considered here. The results include a higher TAC of 3,148,340 US$/y, equivalent to 0.0996 US$/kg ethanol, and a total heat duty of 0.010931 GJ/kg-ethanol. The CO2 emissions were estimated at 3096.23 kg/h, equivalent to 0.011 Kg/s for every kmol of ethanol purified. Figure 4 summarizes the results obtained for the economic, safety, energy and environmental terms analyzed for the separation schemes; it can be observed that all of these factors favor the use of azeotropic distillation over extractive distillation for the case study considered here.

Identity Management Overview

A model of identity can been as follows [7]:

User who wants to access to a service

Identity Provider (IdP): is the issuer of user identity

Service Provider (SP): is the relay party imposing identity check

Identity (Id): is a set user’s attributes

Personal Authentication Device (PDA): Device holding various identifiers and credentials and could be used for mobility

Figure 4.1 lists the main components of identity management. The relationship between entities, identities and identifiers are shown in Figure 4.2, which illustrates that an entity, such as a user, may have multiple identities, and each identity may consist of multiple attributes that can be unique or non-unique identifiers.

Identity management refers to “the process of representing, using, maintaining, deprovisioning and authenticating entities as digital identities in computer networks”.

Authentication is the process of verifying claims about holding specific identities. A failure at this stage will threaten the validity in the entire system. The technology is constantly finding stronger authentication using claims based on:

Something you know: password, PIN

Something you have: one-time-password

Something you are: your voice, face, fingerprint (Biometrics)

Your position

Some combination of the four.

The BT report [3] has highlighted some interesting points to meet the challenges of identity theft and fraud:

Developing risk calculation and assessment methods

Monitoring user behavior to calculate risk

Building trust and value with the user or consumer

Engaging the cooperation of the user or consumer with transparency and without complexity or shifting the liability to consumer

Taking a staged approach to authentication deployment and process challenges, using more advanced technologies

Digital identity should mange three connected vertexes: usability, cost and risk as illustrated in Figure 4.3.

The user should be aware of the risk he/she facing if his/her device/software’s security is compromised. The usability is the second aspect that should be guaranty to the user unless he/she will find the system difficult which could be a source of security problem. Indeed, a lot of users when they are flooded by passwords write them down and hide them in a secrete place under their keyboard. Furthermore, the difficulty to deploy and manage a large number of identities discourages the use of identity management system. The cost of a system should be well studied and balanced related to risk and usability. Many systems such as one-Time-Password token are not widely used because they are too costly for a widespread deployment for large institutions. Traditionally identity management was seen as service provider centric as it was designed to fulfill the requirements of service provider, such as cost effectiveness and scalability. The users were neglected in many aspects because they were forced to memorize difficult or too many passwords. Identity management systems are elaborated to deal with the following core facets [8]:

Reducing identity theft: The problem of identity theft is becoming a major one, mainly in the online environment. The providers need more efficient system to tackle this problem.

Management: The amount of digital identities per person will increase, so the users need convenient support to manage these identities and the corresponding authentication.

Reachability: The management of reachability allows user to handle their contacts to prevent misuse of their address (spam) or unsolicited phone calls.

Authenticity: Ensuring authenticity with authentication, integrity and non-repudiation mechanisms can prevent from identity theft.

Anonymity and pseudonymity: providing anonymity prevent from tracking or identifying the users of a service.

Organization personal data management: A quick method to create, modify a delete work accounts is needed, especially in big organizations.

Without improved usability of identity management [8], for example, weak passwords used by users on many Web sites, the number of successful attacks will remain high. To facilitate interacting with unknown entities, simple recognition rather than authentication of a real-world identity has been proposed, which usually involves manual enrollment steps in the real-world [5]. Usability is indeed enhanced, if there is no manual task needed. There might be a weaker level of security but that level may be sufficient for some actions, such as, logging to a mobile game platform. Single Sign-On (SSO) is the name given to the requirements of eliminating multiple password issues and dangerous password. When we use multiple user Id’s and passwords just to use the emails systems and file servers at work, we feel the inconvenience that comes from having multiple identities. The second problem is the scattering of identity data which causes problems for the integration of IT systems. Moreover, it simplifies the end-user experience and enhances security via identity-based access technology.

Microsoft first largest identity management system was Passport Network. It was a very large and widespread Microsoft Internet service to be an identity provider for the MSN and Microsoft properties, and to be an identity provider for the Internet. However, with Passport, Microsoft was suspected by many persons of intending to have an absolute control over the identity information of Internet users and thus exploiting them for its own interests. Passport failed to become the Internet identity management tool. Since then, Microsoft has clearly understood that an identity management solution cannot succeed unless some basic rules are respected [9]. That’s why Microsoft’s Identity Architect, Kim Cameron, has stated the seven laws of identity. His motivation was purely practical in determining the prerequisites of successful identity management system. He formulated the essential principles to maintain privacy and security.

User control and consent over the handling of their data.

Minimal disclosure of data, and for specified purpose.

Information should only be disclosed to people who have a justifiable need for it.

The system must provide identifiers for both bilateral relationships between parties, and for incoming unsolicited communications.

It must support diverse operators and technologies.

It must be perceived as highly reliable and predictable.

There must be a consistent user experience across multiple identity systems and using multiple technologies.

Most systems do not fulfill several of these tests particularly they are deficient in fine-tuning the access control over identity to minimize disclosure of data. The formulated Cameron’s principles are very clear but they are not enough explicit to compare finely identity management systems. That’s why we will define explicitly the identity requirements.

Identity Management Overview

A model of identity7 can been as follows:

A user who wants to access to a service

Identity Provider (IdP), the issuer of user identity

Service Provider (SP), the relay party imposing an identity check

Identity (Id), a set of user attributes

Personal Authentication Device (PAD), which holds various identifiers and credentials and could be used for mobility

Figure 17.1 lists the main components of identity management.

The relationship between entities, identities and identifiers are shown in Figure 17.2 which illustrates that an entity, such as a user, may have multiple identities, and each identity may consist of multiple attributes that can be unique or non-unique identifiers.

Identity management refers to “the process of representing, using, maintaining, deprovisioning and authenticating entities as digital identities in computer networks.”8

Authentication is the process of verifying claims about holding specific identities. A failure at this stage will threaten the validity of the entire system. The technology is constantly finding stronger authentication using claims based on:

Something you know (password, PIN)

Something you have (one-time-password)

Something you are (your voice, face, fingerprint [biometrics])

Your position

Some combination of the four

The BT report9 has highlighted some interesting points to meet the challenges of identity theft and fraud:

Developing risk calculation and assessment methods

Monitoring user behavior to calculate risk

Building trust and value with the user or consumer

Engaging the cooperation of the user or consumer with transparency and without complexity or shifting the liability to the consumer

Taking a staged approach to authentication deployment and process challenges using more advanced technologies

Digital identity should manage three connected vertexes: usability, cost, and risk, as illustrated in Figure 17.3.

The user should be aware of the risk she is facing if her device’s or software’s security is compromised. Usability is the second aspect that should be guaranteed to the user unless he will find the system difficult to use, which could be the source of a security problem. Indeed, many users, when flooded with passwords to remember, write them down and hide them in a “secret” place under their keyboard. Furthermore, the difficulty of deploying and managing a large number of identities discourages the use of an identity management system. The cost of a system should be well studied and balanced related to risk and usability. Many systems such as one-time password tokens are not widely used because they are too costly for widespread deployment in large institutions. Traditionally, identity management was seen as being service provider-centric because it was designed to fulfill the requirements of service providers, such as cost effectiveness and scalability. Users were neglected in many aspects because they were forced to memorize difficult or too many passwords.

Identity management systems are elaborated to deal with the following core facets10:

Reducing identity theft. The problem of identity theft is becoming a major one, mainly in the online environment. Providers need more efficient systems to tackle this issue.

Management. The number of digital identities per person will increase, so users need convenient support to manage these identities and the corresponding authentication.

Reachability. The management of reachability allows a user to handle their contacts to prevent misuse of their email address (spam) or unsolicited phone calls.

Authenticity. Ensuring authenticity with authentication, integrity, and nonrepudiation mechanisms can prevent identity theft.

Anonymity and pseudonymity. Providing anonymity prevents tracking or identifying the users of a service.

Organization personal data management. A quick method to create, modify, or delete work accounts is needed, especially in big organizations.

Without improved usability of identity management11—for example, weak passwords used on many Web sites—the number of successful attacks will remain high. To facilitate interacting with unknown entities, simple recognition rather than authentication of a real-world identity has been proposed, which usually involves manual enrollment steps in the real world.12 Usability is indeed enhanced if no manual task is needed. There might be a weaker level of security, but that level might be sufficient for some actions, such as logging to a mobile game platform. Single Sign-On (SSO) is the name given to the requirements of eliminating multiple-password issues and dangerous passwords. When we use multiple user IDs and passwords just to use email systems and file servers at work, we feel the inconvenience that comes from having multiple identities. The second problem is the scattering of identity data, which causes problems for the integration of IT systems. SSO simplifies the end-user experience and enhances security via identity-based access technology.

Microsoft’s first large identity management system was the Passport Network. It was a very large and widespread Microsoft Internet service, an identity provider for the MSN and Microsoft properties and for the Internet. However, with Passport, Microsoft was suspected by many of intending to have absolute control over the identity information of Internet users and thus exploiting them for its own interests. Passport failed to become “the” Internet identity management tool.

Since then, Microsoft has clearly come to understand that an identity management solution cannot succeed unless some basic rules are respected.13 That’s why Microsoft’s Identity Architect, Kim Cameron, has stated the seven laws of identity. His motivation was purely practical in determining the prerequisites of creating a successful identity management system. He formulated these essential principles to maintain privacy and security;

User control and consent over the handling of their data

Minimal disclosure of data, and for a specified purpose

Information should only be disclosed to people who have a justifiable need for it

The system must provide identifiers for both bilateral relationships between parties and for incoming unsolicited communications

It must support diverse operators and technologies

It must be perceived as highly reliable and predictable

There must be a consistent user experience across multiple identity systems and using multiple technologies.

Most systems do not fulfill several of these tests; they are particularly deficient in fine-tuning the access control over identity to minimize disclosure of data.

Cameron’s principles are very clear but they are not explicit enough to compare identity management systems. That’s why we will explicitly define the identity requirements.

Key Emerging Technologies

This book laid out an approach for effectively dealing with the APT. The methods in this book will scale, providing effectively security today and into the future because they focus in on fixing the problem and not on treating the symptoms. However, the threat will effectively evolve and it is important to not just focus on the current concern, the APT, it is also important to focus on all next generation threats. As organizations continue to focus on effectively dealing with the APT, the APT is not going to go away, it is going to evolve. As the defense gets more effective, the offense will change and adapt. In addition to focusing in on properly protecting data and mitigating risk, it is also important to look out on the horizon and track the emerging trends that are needed to effectively scale security into the future. Some of the key emerging trends that effective organizations are focusing on are:

More focus on data correlation—Instead of adding more devices to a network, perform data correlation across the existing devices first. Networks are becoming so complex that no single device will be able to give enough insight into what is happening across an organization. To better understand both normal and anomalous traffic, data correlation has to be performed across all critical devices. Each device/server has a piece of the puzzle and only by putting all of the pieces together, can organizations understand what is really happening.

Threat intelligence analysis will become more important—Many of the products in the security industry are becoming more commoditized. Many consoles and network devices are very similar in how they work and operate. The key differentiator is having accurate and up-to-date threat data. Organizations cannot fix every single risk. Therefore as the risks grow, more focus has to be put against the real attack vectors. A growing theme is the defense must learn from the offense. Threat must drive the risk calculation so that the proper vulnerabilities can be addressed. Only with proper threat data, can the avenues of exploitation be fixed.

Endpoint security becomes more important—As more and more devices become portable, the importance of the endpoint becomes more critical. In terms of the data it contains, there is little difference between a server and a laptop. A server might have more data but laptops typically still have a significant amount of critical information. However, the server is on a well-protected network and the laptop is usually directed connected to untrusted networks, including wireless. Therefore, we need to move beyond traditional endpoint protection and focus on controlling, monitoring and protecting the data on the end points.

Focusing in on proactive forensics instead of being reactive—Attacks are so damaging that once an attacker gets in it is too late. In addition, with technologies like virtualization and SCADA controllers, performing reactive forensics is more difficult and sometimes not possible. Therefore, more energy and effort needs to be put against proactively identifying problems and avenues of compromise before major impact is caused to an organization. With the amount of intellectual property that is being stolen and the reputational damage, proactive is the only way to go.

Moving beyond signature detection—Signature detection works because the malicious code did not change and it took a while for large-scale exploitation to occur. While signature detection is still effective at catching some attacks, it does not scale to the advanced persistent threat (APT) that continues to occur. Therefore, signature detection must be coupled with behavioral analysis to effectively prevent and detect the emerging threats that will continue to occur. Since the new threats are always changing and persistent, only behavior analysis has a chance of being able to deal with the malicious attacks in an effective way.

Users will continue to be the target of attack—Everyone likes to focus on the technical nature of recent attacks, but when you perform root cause analysis the entry point with most of these sophisticated APT attacks is a user opening an attachment, clicking on a link, or performing some action they are not supposed to. After an initial control point is gained on the private networks, the attacks became very sophisticated and advanced but the entry point with many attacks is traditional social engineering. Advanced spear phishing attacks will trick the user into performing some action they are not supposed to. While you will never get 100% compliance from employees, organizations need to put energy against it because they will get short and long term benefit.

Shifting from focusing on data encryption to key management—Crypto is the solution of choice for many organizations, however they fail to realize that crypto does not do any good, if the keys are not properly managed and protected. Crypto has quickly become painkiller security because organizations are focused on the algorithms and not the keys. The most robust algorithms in the world are not any good without proper management of the keys. Most data that is stolen is from encrypted databases because the keys are stored directly with the encrypted data.

Cloud computing will continue regardless of the security concerns—Even though there are numerous concerns and security issues with cloud, you cannot argue with free. As companies continue to watch the bottom line, more companies are wondering why they are in the data center business. By moving to both public and private clouds can lower costs and overhead; however as with most items, security will not be considered until after there are major problems. Attackers will always focus on high payoff targets. As more companies move to the cloud, the attack methods and vectors will also increase at an exponential rate including an APT focused on the cloud.

New Internet protocols with increased exposure—As the Internet continues to grow and be used for everything, new protocols will continue to emerge. The problem is the traditional model of deploying new protocols, no longer works. In the past, a new protocol was developed and would take a long term to achieve mainstream usage. This allowed the problems to be worked out and security to be properly implemented. Today when a new protocol comes out it is used so quickly, the problems are only identified after there is wide spread use, which quickly leads to wide spread attacks.

Integrated/embedded security devices—Not only is technology becoming integrated into almost every component, more functionality is being moved to the hardware level. Beyond the obvious implication of having more targets to go over, embedded devices create a bigger problem. It is much harder to patch hardware than it is software. If software has a problem, you can run a patch. If hardware has a vulnerability, it will take longer to fix and increase the attack surface. Smart grid is a good example of items 9 and 10 combined together.