TY - GEN
T1 - Selection of mitigation actions based on financial and operational impact assessments
AU - Granadillo, Gustavo Gonzalez
AU - Garcia-Alfaro, Joaquin
AU - Debar, Hervé
AU - Motzek, Alexander
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/12/14
Y1 - 2016/12/14
AB - Finding adequate responses to ongoing attacks on ICT systems is a pertinacious problem and requires assessments from different perpendicular viewpoints. However, current research focuses on reducing the impact of an attack regardless of the side effects caused by responses. In order to achieve a comprehensive yet accurate response to possible and ongoing attacks on a managed ICT system, we propose an approach that relies on a response system that continuously quantifies risks and decides how to respond to cyber-threats that target a monitored ICT system. Our Dynamic Risk Management Response (DRMR) model is composed of two main modules: a Response Financial Impact Assessor (RFIA), which provides an assessment of the potential financial impact that responses may cause to an organization; and a Response Operational Impact Assessor (ROIA), which assesses the potential impacts that efficient mitigation actions may cause on the organization from an operational perspective. As a result, the DRMR model proposes response plans to mitigate identified risks, enabling the choice of the most suitable response possibilities to reduce identified risks below an admissible level while minimizing the potential negative side effects of deliberately taken actions.
U2 - 10.1109/ARES.2016.3
DO - 10.1109/ARES.2016.3
M3 - Conference contribution
AN - SCOPUS:85015342992
T3 - Proceedings - 2016 11th International Conference on Availability, Reliability and Security, ARES 2016
SP - 137
EP - 146
BT - Proceedings - 2016 11th International Conference on Availability, Reliability and Security, ARES 2016
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 11th International Conference on Availability, Reliability and Security, ARES 2016
Y2 - 31 August 2016 through 2 September 2016
ER -