Managing business health in the presence of malicious attacks

Saman A. Zonouz; Aashish Sharma; Harigovind V. Ramasamy; Zbigniew T Kalbarczyk; Birgit Pfitzmann; Kevin McAuliffe; Ravishankar K Iyer; William H Sanders; Eric Cope

doi:10.1109/DSNW.2011.5958856

Managing business health in the presence of malicious attacks

Saman A. Zonouz, Aashish Sharma, Harigovind V. Ramasamy, Zbigniew T Kalbarczyk, Birgit Pfitzmann, Kevin McAuliffe, Ravishankar K Iyer, William H Sanders, Eric Cope

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Business metrics play a critical role in determining the best system-level configuration to achieve an organizational business-level goal. We present a framework for reasoning about business-level implications of malicious attacks affecting information technology (IT) systems that underlie various business processes. Through an exemplar web-based retail company scenario, we demonstrate how to quantify both the relative value of the individual business processes, and the relative cost to the business caused by breach of key security properties. The framework allows for mapping business-level metrics to IT system-level metrics, and uses a combination of those metrics to recommend optimal response actions and to guide recovery from security attacks. We validate the framework against three high-impact attack classes common in such web-based retail company situations.

Original language	English (US)
Title of host publication	2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSN-W 2011
Pages	9-14
Number of pages	6
DOIs	https://doi.org/10.1109/DSNW.2011.5958856
State	Published - 2011
Event	2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSN-W 2011 - Hong Kong, China Duration: Jun 27 2011 → Jun 30 2011

Publication series

Name	Proceedings of the International Conference on Dependable Systems and Networks

Other

Other	2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSN-W 2011
Country/Territory	China
City	Hong Kong
Period	6/27/11 → 6/30/11

ASJC Scopus subject areas

Software
Hardware and Architecture
Computer Networks and Communications

Online availability

10.1109/DSNW.2011.5958856

Library availability

Discover UIUC Full Text

Cite this

Zonouz, S. A., Sharma, A., Ramasamy, H. V., Kalbarczyk, Z. T., Pfitzmann, B., McAuliffe, K., Iyer, R. K., Sanders, W. H., & Cope, E. (2011). Managing business health in the presence of malicious attacks. In 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSN-W 2011 (pp. 9-14). Article 5958856 (Proceedings of the International Conference on Dependable Systems and Networks). https://doi.org/10.1109/DSNW.2011.5958856

Managing business health in the presence of malicious attacks. / Zonouz, Saman A.; Sharma, Aashish; Ramasamy, Harigovind V. et al.
2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSN-W 2011. 2011. p. 9-14 5958856 (Proceedings of the International Conference on Dependable Systems and Networks).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Zonouz, SA, Sharma, A, Ramasamy, HV, Kalbarczyk, ZT, Pfitzmann, B, McAuliffe, K, Iyer, RK, Sanders, WH & Cope, E 2011, Managing business health in the presence of malicious attacks. in 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSN-W 2011., 5958856, Proceedings of the International Conference on Dependable Systems and Networks, pp. 9-14, 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSN-W 2011, Hong Kong, China, 6/27/11. https://doi.org/10.1109/DSNW.2011.5958856

Zonouz SA, Sharma A, Ramasamy HV, Kalbarczyk ZT, Pfitzmann B, McAuliffe K et al. Managing business health in the presence of malicious attacks. In 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSN-W 2011. 2011. p. 9-14. 5958856. (Proceedings of the International Conference on Dependable Systems and Networks). doi: 10.1109/DSNW.2011.5958856

@inproceedings{9ff6a4fa573b4a9cadec020bdb0eda58,

title = "Managing business health in the presence of malicious attacks",

abstract = "Business metrics play a critical role in determining the best system-level configuration to achieve an organizational business-level goal. We present a framework for reasoning about business-level implications of malicious attacks affecting information technology (IT) systems that underlie various business processes. Through an exemplar web-based retail company scenario, we demonstrate how to quantify both the relative value of the individual business processes, and the relative cost to the business caused by breach of key security properties. The framework allows for mapping business-level metrics to IT system-level metrics, and uses a combination of those metrics to recommend optimal response actions and to guide recovery from security attacks. We validate the framework against three high-impact attack classes common in such web-based retail company situations.",

author = "Zonouz, {Saman A.} and Aashish Sharma and Ramasamy, {Harigovind V.} and Kalbarczyk, {Zbigniew T} and Birgit Pfitzmann and Kevin McAuliffe and Iyer, {Ravishankar K} and Sanders, {William H} and Eric Cope",

year = "2011",

doi = "10.1109/DSNW.2011.5958856",

language = "English (US)",

isbn = "9781457703751",

series = "Proceedings of the International Conference on Dependable Systems and Networks",

pages = "9--14",

booktitle = "2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSN-W 2011",

note = "2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSN-W 2011 ; Conference date: 27-06-2011 Through 30-06-2011",

}

TY - GEN

T1 - Managing business health in the presence of malicious attacks

AU - Zonouz, Saman A.

AU - Sharma, Aashish

AU - Ramasamy, Harigovind V.

AU - Kalbarczyk, Zbigniew T

AU - Pfitzmann, Birgit

AU - McAuliffe, Kevin

AU - Iyer, Ravishankar K

AU - Sanders, William H

AU - Cope, Eric

PY - 2011

Y1 - 2011

N2 - Business metrics play a critical role in determining the best system-level configuration to achieve an organizational business-level goal. We present a framework for reasoning about business-level implications of malicious attacks affecting information technology (IT) systems that underlie various business processes. Through an exemplar web-based retail company scenario, we demonstrate how to quantify both the relative value of the individual business processes, and the relative cost to the business caused by breach of key security properties. The framework allows for mapping business-level metrics to IT system-level metrics, and uses a combination of those metrics to recommend optimal response actions and to guide recovery from security attacks. We validate the framework against three high-impact attack classes common in such web-based retail company situations.

AB - Business metrics play a critical role in determining the best system-level configuration to achieve an organizational business-level goal. We present a framework for reasoning about business-level implications of malicious attacks affecting information technology (IT) systems that underlie various business processes. Through an exemplar web-based retail company scenario, we demonstrate how to quantify both the relative value of the individual business processes, and the relative cost to the business caused by breach of key security properties. The framework allows for mapping business-level metrics to IT system-level metrics, and uses a combination of those metrics to recommend optimal response actions and to guide recovery from security attacks. We validate the framework against three high-impact attack classes common in such web-based retail company situations.

UR - http://www.scopus.com/inward/record.url?scp=80052167190&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=80052167190&partnerID=8YFLogxK

U2 - 10.1109/DSNW.2011.5958856

DO - 10.1109/DSNW.2011.5958856

M3 - Conference contribution

AN - SCOPUS:80052167190

SN - 9781457703751

T3 - Proceedings of the International Conference on Dependable Systems and Networks

SP - 9

EP - 14

BT - 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSN-W 2011

T2 - 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops, DSN-W 2011

Y2 - 27 June 2011 through 30 June 2011

ER -

Managing business health in the presence of malicious attacks

Abstract

Publication series

Other

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this