TELSAFE: Security Gap Quantitative Risk Assessment Framework

TL;DR

TELSAFE is a hybrid risk assessment framework that uses probabilistic modeling to quantitatively evaluate security gaps, reducing expert bias and supporting tailored risk management strategies in various industries.

Contribution

The paper introduces TELSAFE, a novel hybrid risk assessment framework combining probabilistic modeling with qualitative analysis, addressing expert bias and enhancing security gap evaluation.

Findings

Effective in real-world scenarios like telecommunications

Reduces expert opinion bias in risk assessment

Supports tailored security risk management strategies

Abstract

Gaps between established security standards and their practical implementation have the potential to introduce vulnerabilities, possibly exposing them to security risks. To effectively address and mitigate these security and compliance challenges, security risk management strategies are essential. However, it must adhere to well-established strategies and industry standards to ensure consistency, reliability, and compatibility both within and across organizations. In this paper, we introduce a new hybrid risk assessment framework called TELSAFE, which employs probabilistic modeling for quantitative risk assessment and eliminates the influence of expert opinion bias. The framework encompasses both qualitative and quantitative assessment phases, facilitating effective risk management strategies tailored to the unique requirements of organizations. A specific use case utilizing Common Vulnerabilities and Exposures (CVE)-related data demonstrates the framework's applicability and implementation in real-world scenarios, such as in the telecommunications industry.