Author

Wolfgang Boehmer

Bio: Wolfgang Boehmer is an academic researcher from Technische Universität Darmstadt. The author has contributed to research in the topics Information security management systems and Business continuity. The author has an h-index of 8 and has co-authored 15 publications receiving 182 citations.

Papers
Proceedings ArticleDOI
25 Aug 2008
TL;DR: A method for measuring the performance of the implementation and operation of an ISMS is presented and it is shown that the number of certified enterprises and the quality and performance of its implementation are low.
Abstract: The ISO27001:2005, as an information security management system (ISMS), is establishing itself more and more as the security standard in enterprises. In 2008 more than 4457 certified enterprises could be registered worldwide. Nevertheless, registering an ISMS still says nothing about the quality and performance of its implementation. Therefore, in this article, a method for measuring the performance of the implementation and operation of an ISMS is presented.

59 citations

Proceedings ArticleDOI
16 Mar 2009
TL;DR: This paper proposes using Key Performance Indicators (KPI) as a suitable alternative that maintains the effectiveness and economic efficiency of an ISMS and proposes using combinatorial optimization in order to minimize turnover reduction.
Abstract: If companies wish to safeguard their value chain, they should invest with the singular goal of securing revenues by taking adequate risk countermeasures. However, the investment in the risk countermeasure must be reflected in the adequate safeguarding of the value chain. In other words, the investment in the safeguarding, e.g., implementation of an ISMS based on ISO/IEC 27001:2005, must be comparable to the benefit of the value chain. As a direct analysis is difficult, a suitable alternative must be found. In this paper, we propose using Key Performance Indicators (KPI) as a suitable alternative that maintains the effectiveness and economic efficiency of an ISMS. However, the KPI of effectiveness and efficiency are contradictory and constitute a trade-off. In order to minimize turnover reduction, we propose using combinatorial optimization. Such optimization should weigh the benefit of a policy in terms of risk for each control against the cost of each control in terms of avoiding, mitigating or transferring the risk up to some predetermined investment limit.

27 citations

Proceedings ArticleDOI
18 Jun 2009
TL;DR: Two key performance indicators are presented that allow the performance of a Business Continuity Management System to be evaluated according to BS 25999 and the probability of survival can be estimated before extreme events occur.
Abstract: In this paper, a new model is presented for evaluating the performance of a Business Continuity Management System according to BS 25999. This model is able to calculate the survivability ex-ante if the key performance indicator for the effectiveness exists. Performance is based fundamentally on the system's Business Continuity Plans and Disaster Recovery Plans. Typically, the performance of these plans is evaluated by a number of specific exercises at various intervals and, in many cases, with a variety of targets. Furthermore, these specific exercises are rerun after a longer period (≥ a year) and then often only partially. If a company is interested in taking performance measurements over a shorter period, obstacles and financial restrictions are often encountered. Furthermore, it is difficult for companies to give an ex-ante statement of their survival in the case of a disaster. Two key performance indicators are presented that allow the performance of a Business Continuity Management System to be evaluated according to BS 25999. Using these key performance indicators, the probability of survival can be estimated before extreme events occur.

26 citations

Proceedings ArticleDOI
01 Sep 2009
TL;DR: In this article, the authors use process algebra and modal logic to explain the semantics of conceptual business process models and evaluate the potential capacity and duration of a process based on a business continuity management system (BCMS).
Abstract: Since Knight and Pretty (1996) published their study about the impact of catastrophes on shareholder value, the need for a business continuity management system (BCMS) became clear. Once a BCMS is in place, the corresponding risks can be insured against. The BS 25999 certificate can serve as proof of implementation. It requires defined business continuity plans (BCP). However, processes based on BCPs are rarely tested. Therefore, little knowledge is available to confirm their proper functioning and their non-functional properties. This paper addresses the verification of BCPs. We show how to model, simulate and verify normal business processes and business processes that are based on a BCP. As a formal method, we use process algebra and modal logic to explain the semantics of conceptual business process models. Our study places emphasis on questions regarding the potential capacity and duration of a process based on a BCP as well as those of an organizational security policy. By doing this, we are able to demonstrate that ex-ante evaluation is not only possible but also effective.

18 citations

Proceedings ArticleDOI
29 Jun 2010
TL;DR: This work addresses the requirement for feedback and presents a policy that includes a dynamic feedback response to the effectiveness of changes, and compares the new type of policy with two management systems that follow the Plan-Do-Check-Act (PDCA cycle) model.
Abstract: The limits of traditional (static) policies are well-known in many areas of computer science and information security, and are extensively discussed in the literature. Although some flexibility has been achieved with the introduction of dynamic policies, these efforts have only addressed a fraction of the requirements necessary to secure today's enterprises. Currently, no feedback mechanisms are in place to evaluate the effectiveness or economic impacts of static or dynamic policy implementation. Here, we address the requirement for feedback and present a policy for the next generation. This is a policy that includes a dynamic feedback response to the effectiveness of changes. The structure of this new type of policy, called a "management system", is borrowed from discrete event system (DES) theory and functions as a control loop. A management system consists of four elements (control system, sensor, controller, and actuator) that are involved in a control law. Two types of management system can be defined. A simple management system (1st order management system) responds to and regulates only perturbations. An advanced management system (2nd order management system) has an overarching target function that influences the controller. This target function is usually economically oriented. Finally, we compare our new type of policy with two management systems that follow the Plan-Do-Check-Act (PDCA cycle) model. We investigate the two PDCA cycle standards ISO/IEC 27001 (Information Security Management System, ISMS) and BS 25999 (Business Continuity Management System, BCMS). We also show that the new type of policy can be applied to management systems based on a PDCA cycle.

10 citations


Cited by
Posted Content
TL;DR: Deming's theory of management based on the 14 Points for Management is described in Out of the Crisis, originally published in 1982 as mentioned in this paper, where he explains the principles of management transformation and how to apply them.
Abstract: According to W. Edwards Deming, American companies require nothing less than a transformation of management style and of governmental relations with industry. In Out of the Crisis, originally published in 1982, Deming offers a theory of management based on his famous 14 Points for Management. Management's failure to plan for the future, he claims, brings about loss of market, which brings about loss of jobs. Management must be judged not only by the quarterly dividend, but by innovative plans to stay in business, protect investment, ensure future dividends, and provide more jobs through improved product and service. In simple, direct language, he explains the principles of management transformation and how to apply them.

9,241 citations

Proceedings Article
01 Jan 2002
TL;DR: In this paper, an algorithm for generating attack graphs using model checking as a subroutine is presented, which allows analysts to decide which minimal set of security measures would guarantee the safety of the system.
Abstract: An attack graph is a succinct representation of all paths through a system that end in a state where an intruder has successfully achieved his goal. Today Red Teams determine the vulnerability of networked systems by drawing gigantic attack graphs by hand. Constructing attack graphs by hand is tedious, error-prone, and impractical for large systems. By viewing an attack as a violation of a safety property, we can use off-the-shelf model checking technology to produce attack graphs automatically: a successful path from the intruder's viewpoint is a counterexample produced by the model checker. In this paper we present an algorithm for generating attack graphs using model checking as a subroutine. Security analysts use attack graphs for detection, defense and forensics. In this paper we present a minimization analysis technique that allows analysts to decide which minimal set of security measures would guarantee the safety of the system. We provide a formal characterization of this problem: we prove that it is polynomially equivalent to the minimum hitting set problem and we present a greedy algorithm with provable bounds. We also present a reliability analysis technique that allows analysts to perform a simple cost-benefit trade-off depending on the likelihoods of attacks. By interpreting attack graphs as Markov Decision Processes we can use the value iteration algorithm to compute the probabilities of intruder success for each attack in the graph.

467 citations

Journal ArticleDOI
TL;DR: This paper reflects on the rapid changes and innovations that the world the authors live in is experiencing, and analyzes them with respect to the challenges these pose to the field of risk assessment.

198 citations