Selection of Pareto-efficient response plans based on financial and operational assessments

Alexander Motzek*, Gustavo Gonzalez-Granadillo, Hervé Debar, Joaquin Garcia-Alfaro, Ralf Möller

*Korrespondierende/r Autor/-in für diese Arbeit
1 Zitat (Scopus)

Abstract

Finding adequate responses to ongoing attacks on ICT systems is a pertinacious problem and requires assessments from different perpendicular viewpoints. However, current research focuses on reducing the impact of an attack irregardless of side effects caused by responses. In order to achieve a comprehensive yet accurate response to possible and ongoing attacks on a managed ICT system, we propose an approach that evaluates a response from two perpendicular perspectives: (1) A response financial impact assessment, considering the financial benefits of restoring and protecting potentially threatened operational capabilities while considering implementation and maintenance costs of responses. (2) A response operational impact assessment, which assesses potential impacts that efficient mitigation actions may inadvertently cause on the organization in an operational perspective, e.g., negative side effects of deploying mitigations. It is the key benefit of the presented approach to combine all obtained evaluations with a multi-dimensional optimization procedure such that a response plan is selected which reduces a state of risk below an admissible level while minimizing potential negative side effects of deliberately taken actions.

OriginalspracheEnglisch
Aufsatznummer12
ZeitschriftEurasip Journal on Information Security
Jahrgang2017
Ausgabenummer1
DOIs
PublikationsstatusVeröffentlicht - 01.12.2017

DFG-Fachsystematik

  • 409-06 Informationssysteme, Prozess- und Wissensmanagement

Fingerprint

Untersuchen Sie die Forschungsthemen von „Selection of Pareto-efficient response plans based on financial and operational assessments“. Zusammen bilden sie einen einzigartigen Fingerprint.

Zitieren