Um sistema multiagente para geração automática de uma rede Bayesiana para análise de riscos de tecnologia de informação

Abstract

Every year information gains more significance in the corporative scenario and information technology system use is incresingly more commom on different segment companies. However, these systems are composed by applications that are under vulnerabilities that can compromise the confidentiality, integrity and availability, i.e. infomation security. Technology providers are always correcting flaws in their tools and providing it for their products in order for them to be safer. The flaw correction process considers some time until the client update his system. Many times this window is not enough to avoid a security incident, which turns necessary workarounds for minimizing risks concerning these vulnerable applications. The risks evaluation/analysis process aims primarily actions to mitigate these risks. This process is ardous, involving the identification of vulnerabilities in the used applications of a company, with this number growing each day. For supporting the information technology risks evaluation/analysis, a method for automated generation of a Bayesian Network multiagent system was proposed. This system is composed by four agents, one being destinated to monitoring vulnerabilities in National Vulnerability Database, another one for monitoring actives that compose the organition business, another one is responsible for to monitor the incidents occured in the organization enviroment and another one to gather all these information with the objective of determining a risk factor for the organization actives. The last one uses a Bayesian Network in order to determine the risk factor for the organization actives. The proposed method has shown to be effective in the identification of enviroment changes and in the changing of active risks according with several factors that influence its calculation, such as the emergence or changing of vulnerabilities, emergence or alteration on the business organization actives configuration database or identification and alteration of security incidents report on the company enviroment.