Module 4: Course Project

In this module, you will generate an estimate of risk from the CVE-2024-21413 Outlook vulnerability for the New York office.

You will first set up a probability tree, then carry the estimates into the Bayes’ box model to determine if the initial estimate can be refined.

Using the probability tree model, input the labels where A=Compromise, B=Malicious Email, ~A=No Compromise, and ~B=Legitimate Email.

Complete the following steps:

  1. Use the 12 incidents per month across all offices to estimate the per-person probability. Given that there are 50 employees, what is the per-person probability of receiving a malicious email?
  2. Because the vulnerability you are modeling has known available exploits, Increase the per-person probability by 30% (increase it by 30% of the initial per-person value).
  3. What is the value for ~B?
  4. Use the percentage of users in New York who have the CVE-2024-21413 as the probability of compromise after receiving a malicious email.
  5. What is the probability of No Compromise after receiving a malicious email?
  6. Use .10 as the probability of compromise after receiving a legitimate email. What is the probability of No Compromise after receiving a legitimate email?
  7. Transfer the joint probabilities from the probability tree model into the Bayes’ box model. What is the new Posterior?
  8. In the Bayes’ box, use the original posterior value as a new prior, keep the likelihood value, but change the data value to adjust the new posterior as close to 1.0 as possible. What is the best new value for data that yields a posterior as close to 1.0 as possible?
  9. What is the overall probability of A?
  10. What is the overall probability of ~A?

License

Icon for the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

Cybersecurity Risk Quantification Copyright © 2024 by Charlene Deaver-Vazquez is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License, except where otherwise noted.