Homebrew Monte Carlo Simulations for Security Risk Analysis Part 2

Source: Black Swan Security Author: Phil URL: https://blog.blackswansecurity.com/2020/08/homebrew-monte-carlo-simulations-for-security-risk-analysis-part-2/

1. ONE SENTENCE SUMMARY: The article discusses implementing a Monte Carlo simulation for risk analysis in cybersecurity using Poisson and Modified PERT distributions.

2. MAIN POINTS:

3. Quantitative analysis was initially implemented in JavaScript for cybersecurity risks.

4. High occurrence rates caused issues in the earlier simulation approach.

5. Doug Hubbard recommended using the Poisson distribution for better accuracy.

6. The R programming language was chosen for inverse sampling of Poisson distribution.

7. The qpois function in R samples quartiles based on occurrence rates.

8. The lognormal distribution was previously used for estimating harm.

9. The Modified PERT distribution offers better handling of long-tail values.

10. The function qpert from the mc2d package samples harm estimates.

11. Combining Poisson and Modified PERT results requires careful coding in R.

12. The article mentions Netflix’s open source RiskQuant project as a useful tool.

13. TAKEAWAYS:

14. Monte Carlo simulations can enhance cybersecurity risk analysis.

15. Poisson distribution improves accuracy for high-occurrence risks.

16. R is a suitable choice for complex statistical sampling in simulations.

17. Modified PERT can be more effective than lognormal in risk modeling.

18. Community tools like RiskQuant can save time and effort in simulations.