Published: July 10, 2018
Author(s)
Chen Cao (Penn State University), Lunpin Yuan (Penn State University), Anoop Singhal (NIST), Peng Liu (Penn State University), Xiaoyan Sun (California State University), Sencun Zhu (Penn State University)
Conference
Name: IFIP Annual Conference on Data and Applications Security and Privacy
Dates: 07/01/2018
Location: Bergamo, Italy
Citation: DBSec 2018: Data and Applications Security and Privacy XXXII, vol. 10980, pp. 330-348
Cyber-defense and cyber-resilience techniques sometimes fail in defeating cyber-attacks. One of the primary causes is the ineffectiveness of business process impact assessment in the enterprise network. In this paper, we propose a new business process impact assessment method, which measures the impact of an attack towards a business-process-support enterprise network and produces a numerical score for this impact. The key idea is that all attacks are performed by exploiting vulnerabilities in the enterprise network. So the impact scores for business processes are the function result of the severity of the vulnerabilities and the relations between vulnerabilities and business processes. This paper conducts a case study systematically and the result shows the effectiveness of our method.
Cyber-defense and cyber-resilience techniques sometimes fail in defeating cyber-attacks. One of the primary causes is the ineffectiveness of business process impact assessment in the enterprise network. In this paper, we propose a new business process impact assessment method, which measures the...
See full abstract
Cyber-defense and cyber-resilience techniques sometimes fail in defeating cyber-attacks. One of the primary causes is the ineffectiveness of business process impact assessment in the enterprise network. In this paper, we propose a new business process impact assessment method, which measures the impact of an attack towards a business-process-support enterprise network and produces a numerical score for this impact. The key idea is that all attacks are performed by exploiting vulnerabilities in the enterprise network. So the impact scores for business processes are the function result of the severity of the vulnerabilities and the relations between vulnerabilities and business processes. This paper conducts a case study systematically and the result shows the effectiveness of our method.
Hide full abstract
Keywords
mission impact; active cyber defense; cloud computing; attack graphs
Control Families
None selected