Quantitative Cyber-Risk Modelling & Control Deployment Optimisation

Overview

Developed quantitative risk models for network security using Monte Carlo simulations, Bayesian inference and stochastic distributions. I then used linear programming to optimise how additional security controls should be deployed under constraints.

Why it’s interesting

The project demonstrates how quantitative risk analysis techniques can be applied to cybersecurity, enabling data-driven decisions on control deployment and cost-effective protection. The challenge was learning how to combine uncertain probabilistic risk with given deterministic values for controls.

Key Technical Points

  • Probabilistic risk modelling: Computed ALE (Annualised Loss Expectancy) using triangular distributions for asset values and simulated loss impacts via Monte Carlo methods on log-normal and Pareto distributions
  • Inverse transform sampling: Implemented manual inverse-transform sampling for log-normal and Pareto loss impacts using the inverse CDF to accurately model risk
  • Bayesian analysis: Applied Bayes’ theorem and joint probability distributions to quantify the effectiveness of security scanning on breach likelihood
  • Control optimisation: Formulated a linear programming model to meet risk reduction targets within budget, safeguard and maintenance constraints
  • Model calibration: Used linear regression on historical data to estimate control effectiveness and load coefficients for optimisation
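
The sampling approach named in the first two points, as an added example (not the project's own code): closed-form inverse CDFs for the triangular, log-normal and Pareto distributions drive a Monte Carlo ALE estimate. Treating the impact draw as a fraction of asset value capped at 1, the `simulate_ale` helper, and all parameter values are assumptions made for illustration.

```python
import math
import random
from statistics import NormalDist, fmean, quantiles

STD_NORMAL = NormalDist()

def triangular_inv(u, low, mode, high):
    """Inverse CDF of triangular(low, mode, high)."""
    cut = (mode - low) / (high - low)  # CDF value at the mode
    if u < cut:
        return low + math.sqrt(u * (high - low) * (mode - low))
    return high - math.sqrt((1 - u) * (high - low) * (high - mode))

def lognormal_inv(u, mu, sigma):
    """Inverse CDF of a log-normal: exp of the normal quantile."""
    return math.exp(mu + sigma * STD_NORMAL.inv_cdf(u))

def pareto_inv(u, x_min, alpha):
    """Inverse CDF of Pareto type I, F(x) = 1 - (x_min / x) ** alpha."""
    return x_min / (1 - u) ** (1 / alpha)

def open_uniform(rng):
    """Uniform draw on (0, 1): random() can return 0.0, where inv_cdf raises."""
    u = rng.random()
    while u == 0.0:
        u = rng.random()
    return u

def simulate_ale(n, aro, asset, impact_inv, seed=1):
    """Return (ALE, 95th percentile single loss) from n simulated incidents.

    asset = (low, mode, high) asset value; impact_inv maps u to the fraction
    of that value lost (assumed model), capped at 1. ALE = ARO * mean loss.
    """
    rng = random.Random(seed)
    losses = []
    for _ in range(n):
        value = triangular_inv(open_uniform(rng), *asset)
        fraction = min(1.0, impact_inv(open_uniform(rng)))
        losses.append(value * fraction)
    return aro * fmean(losses), quantiles(losses, n=20)[-1]

if __name__ == "__main__":
    asset = (100_000, 250_000, 600_000)  # constructed sample values
    for name, inv in [("log-normal", lambda u: lognormal_inv(u, -2.5, 0.6)),
                      ("Pareto", lambda u: pareto_inv(u, 0.05, 2.0))]:
        ale, p95 = simulate_ale(50_000, 0.3, asset, inv)
        print(f"{name}: ALE={ale:,.0f} p95 single loss={p95:,.0f}")
```

With these sample parameters the two impact models give similar ALE values, while the Pareto tail carries more of its expected loss in rare, near-total events.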

Tech Stack

Language: Python
Methods: Monte Carlo simulation, Bayesian inference, linear programming, SciPy