Quantifying and measuring cyber resiliency

Cyber resiliency has become an increasingly attractive research and operational concept in cyber security. While several metrics have been proposed for quantifying cyber resiliency, a considerable gap remains between those metrics and operationally measurable and meaningful concepts that can be empirically determined in a scientific manner. This paper describes a concrete notion of cyber resiliency that can be tailored to meet the specific needs of organizations that seek to introduce resiliency into their assessment of their cyber security posture.
