Managing business health in the presence of malicious attacks

Saman A. Zonouz, Aashish Sharma, Harigovind V. Ramasamy, Zbigniew T. Kalbarczyk, Birgit Pfitzmann, Kevin McAuliffe, Ravishankar K. Iyer, William H. Sanders, Eric Cope

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

Business metrics play a critical role in determining the best system-level configuration to achieve an organizational business-level goal. We present a framework for reasoning about business-level implications of malicious attacks affecting information technology (IT) systems that underlie various business processes. Through an exemplar web-based retail company scenario, we demonstrate how to quantify both the relative value of the individual business processes, and the relative cost to the business caused by breach of key security properties. The framework allows for mapping business-level metrics to IT system-level metrics, and uses a combination of those metrics to recommend optimal response actions and to guide recovery from security attacks. We validate the framework against three high-impact attack classes common in such web-based retail company situations.

Original languageEnglish (US)
Title of host publication2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSN-W 2011
Pages9-14
Number of pages6
DOIs
StatePublished - Sep 2 2011
Event2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSN-W 2011 - Hong Kong, China
Duration: Jun 27 2011Jun 30 2011

Publication series

NameProceedings of the International Conference on Dependable Systems and Networks

Other

Other2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSN-W 2011
CountryChina
CityHong Kong
Period6/27/116/30/11

ASJC Scopus subject areas

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Managing business health in the presence of malicious attacks'. Together they form a unique fingerprint.

  • Cite this

    Zonouz, S. A., Sharma, A., Ramasamy, H. V., Kalbarczyk, Z. T., Pfitzmann, B., McAuliffe, K., Iyer, R. K., Sanders, W. H., & Cope, E. (2011). Managing business health in the presence of malicious attacks. In 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSN-W 2011 (pp. 9-14). [5958856] (Proceedings of the International Conference on Dependable Systems and Networks). https://doi.org/10.1109/DSNW.2011.5958856