Managing business health in the presence of malicious attacks

Saman A. Zonouz, Aashish Sharma, Harigovind V. Ramasamy, Zbigniew T. Kalbarczyk, Birgit Pfitzmann, Kevin McAuliffe, Ravishankar K. Iyer, William H. Sanders, Eric Cope

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

Business metrics play a critical role in determining the best system-level configuration to achieve an organizational business-level goal. We present a framework for reasoning about business-level implications of malicious attacks affecting information technology (IT) systems that underlie various business processes. Through an exemplar web-based retail company scenario, we demonstrate how to quantify both the relative value of the individual business processes, and the relative cost to the business caused by breach of key security properties. The framework allows for mapping business-level metrics to IT system-level metrics, and uses a combination of those metrics to recommend optimal response actions and to guide recovery from security attacks. We validate the framework against three high-impact attack classes common in such web-based retail company situations.

Original language: English
Title of host publication: Proceedings of the International Conference on Dependable Systems and Networks
Pages: 9-14
Number of pages: 6
State: Published - Sep 2 2011
Event: 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSN-W 2011 - Hong Kong, China
Duration: Jun 27 2011 – Jun 30 2011

Other

Other: 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSN-W 2011
Country: China
City: Hong Kong
Period: 6/27/11 – 6/30/11

Fingerprint

Health
Industry
Information technology
Recovery
Costs

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Software

Cite this

Zonouz, S. A., Sharma, A., Ramasamy, H. V., Kalbarczyk, Z. T., Pfitzmann, B., McAuliffe, K., ... Cope, E. (2011). Managing business health in the presence of malicious attacks. In Proceedings of the International Conference on Dependable Systems and Networks (pp. 9-14). [5958856] https://doi.org/10.1109/DSNW.2011.5958856

Managing business health in the presence of malicious attacks. / Zonouz, Saman A.; Sharma, Aashish; Ramasamy, Harigovind V.; Kalbarczyk, Zbigniew T.; Pfitzmann, Birgit; McAuliffe, Kevin; Iyer, Ravishankar K.; Sanders, William H.; Cope, Eric.

Proceedings of the International Conference on Dependable Systems and Networks. 2011. p. 9-14 5958856.

Zonouz, SA, Sharma, A, Ramasamy, HV, Kalbarczyk, ZT, Pfitzmann, B, McAuliffe, K, Iyer, RK, Sanders, WH & Cope, E 2011, Managing business health in the presence of malicious attacks. in Proceedings of the International Conference on Dependable Systems and Networks., 5958856, pp. 9-14, 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSN-W 2011, Hong Kong, China, 6/27/11. https://doi.org/10.1109/DSNW.2011.5958856
Zonouz SA, Sharma A, Ramasamy HV, Kalbarczyk ZT, Pfitzmann B, McAuliffe K et al. Managing business health in the presence of malicious attacks. In Proceedings of the International Conference on Dependable Systems and Networks. 2011. p. 9-14. 5958856 https://doi.org/10.1109/DSNW.2011.5958856
Zonouz, Saman A. ; Sharma, Aashish ; Ramasamy, Harigovind V. ; Kalbarczyk, Zbigniew T. ; Pfitzmann, Birgit ; McAuliffe, Kevin ; Iyer, Ravishankar K. ; Sanders, William H. ; Cope, Eric. / Managing business health in the presence of malicious attacks. Proceedings of the International Conference on Dependable Systems and Networks. 2011. pp. 9-14
@inproceedings{3b8f3a7f747a4bfb82061b068a991e0b,
title = "Managing business health in the presence of malicious attacks",
abstract = "Business metrics play a critical role in determining the best system-level configuration to achieve an organizational business-level goal. We present a framework for reasoning about business-level implications of malicious attacks affecting information technology (IT) systems that underlie various business processes. Through an exemplar web-based retail company scenario, we demonstrate how to quantify both the relative value of the individual business processes, and the relative cost to the business caused by breach of key security properties. The framework allows for mapping business-level metrics to IT system-level metrics, and uses a combination of those metrics to recommend optimal response actions and to guide recovery from security attacks. We validate the framework against three high-impact attack classes common in such web-based retail company situations.",
author = "Zonouz, {Saman A.} and Aashish Sharma and Ramasamy, {Harigovind V.} and Kalbarczyk, {Zbigniew T.} and Birgit Pfitzmann and Kevin McAuliffe and Iyer, {Ravishankar K.} and Sanders, {William H.} and Eric Cope",
year = "2011",
month = "9",
day = "2",
doi = "10.1109/DSNW.2011.5958856",
language = "English",
isbn = "9781457703751",
pages = "9--14",
booktitle = "Proceedings of the International Conference on Dependable Systems and Networks",

}

TY - GEN

T1 - Managing business health in the presence of malicious attacks

AU - Zonouz, Saman A.

AU - Sharma, Aashish

AU - Ramasamy, Harigovind V.

AU - Kalbarczyk, Zbigniew T.

AU - Pfitzmann, Birgit

AU - McAuliffe, Kevin

AU - Iyer, Ravishankar K.

AU - Sanders, William H.

AU - Cope, Eric

PY - 2011/9/2

Y1 - 2011/9/2

N2 - Business metrics play a critical role in determining the best system-level configuration to achieve an organizational business-level goal. We present a framework for reasoning about business-level implications of malicious attacks affecting information technology (IT) systems that underlie various business processes. Through an exemplar web-based retail company scenario, we demonstrate how to quantify both the relative value of the individual business processes, and the relative cost to the business caused by breach of key security properties. The framework allows for mapping business-level metrics to IT system-level metrics, and uses a combination of those metrics to recommend optimal response actions and to guide recovery from security attacks. We validate the framework against three high-impact attack classes common in such web-based retail company situations.

UR - http://www.scopus.com/inward/record.url?scp=80052167190&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80052167190&partnerID=8YFLogxK

U2 - 10.1109/DSNW.2011.5958856

DO - 10.1109/DSNW.2011.5958856

M3 - Conference contribution

AN - SCOPUS:80052167190

SN - 9781457703751

SP - 9

EP - 14

BT - Proceedings of the International Conference on Dependable Systems and Networks

ER -