joshua-m-connors/cyber-incident-mcmc-pymc: Code that implements Factor Analysis of Information Risk (FAIR) using Markov Chain Monte Carlo (via PyMC) to determine the frequency of successful attacks.

Source: GitHub

Author: unknown

URL: https://github.com/joshua-m-connors/cyber-incident-mcmc-pymc

https://github.com/joshua-m-connors/cyber-incident-mcmc-pymc

ONE SENTENCE SUMMARY:

This framework integrates FAIR and MITRE ATT&CK for comprehensive cyber risk assessment using simulations and analytic dashboards.

MAIN POINTS:

  1. Combines FAIR taxonomy with MITRE ATT&CK for quantitative cyber risk modeling.
  2. Utilizes Bayesian inference and Monte Carlo simulation for risk estimation.
  3. Generates annualized loss distribution and diagnostic dashboards.
  4. Requires Python3, PyMC, and Jupyter Notebooks (optional) to run.
  5. Three primary scripts facilitate data processing and risk analysis.
  6. Builds a mitigation influence template from the MITRE ATT&CK dataset.
  7. Updates mitigation strengths via CSV for each tactic.
  8. Outputs interactive dashboards and detailed risk reports.
  9. Key metrics include annual loss, incident frequency, and Single Loss Expectancy.
  10. Expected accuracy is ensured through AAL decomposition validation.

TAKEAWAYS:

  1. Enables robust, data-driven cyber risk evaluation.
  2. Provides detailed, interactive insights into control strengths.
  3. Ensures alignment with current MITRE datasets.
  4. Offers reproducibility and transparency in risk metrics.
  5. Facilitates regular updates for evolving cybersecurity threats.