Please use this identifier to cite or link to this item: http://hdl.handle.net/10125/71470

Towards an Organizationally-Relevant Quantification of Cyber Resilience

File Size Format  
0691.pdf 1.33 MB Adobe PDF View/Open

Item Summary

Title:Towards an Organizationally-Relevant Quantification of Cyber Resilience
Authors:Llanso, Thomas
Mcneil, Martha
Keywords:Cyber Systems: Their Science, Engineering, and Security
cyber risk resilience quantification
Date Issued:05 Jan 2021
Abstract:Given the difficulty of fully securing complex cyber systems, there is growing interest in making cyber systems resilient to the cyber threat. However, quantifying the resilience of a system in an organizationally-relevant manner remains a challenge. This paper describes initial research into a novel metric for quantifying the resilience of a system to cyber threats called the Resilience Index (RI). We calculate the RI via an effects-based discrete event stochastic simulation that runs a large number of trials over a designated mission timeline. During the trials, adverse cyber events (ACEs) occur against cyber assets in a target system. We consider a trial a failure if an ACE causes the performance of any of the target system’s mission essential functions (MEFs) to fall below its assigned threshold level. Once all trials have completed, the simulator computes the ratio of successful trials to the total number of trials, yielding RI. The linkage of ACEs to MEFs provides the organizational tie.
Pages/Duration:10 pages
URI:http://hdl.handle.net/10125/71470
ISBN:978-0-9981331-4-0
DOI:10.24251/HICSS.2021.849
Rights:Attribution-NonCommercial-NoDerivatives 4.0 International
https://creativecommons.org/licenses/by-nc-nd/4.0/
Appears in Collections: Cyber Systems: Their Science, Engineering, and Security


Please email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons