
Measuring Security Risk in Enterprise Networks

A Layered Graphical Model for Mission Impact Analysis

An organizational mission enabled by networked infrastructure can be impacted by cyber attacks. A mission is defined as a set of business processes that provide some service. For example, the mission of a travel management system is to provide a set of business processes to support airline and hotel reservation. Quantifying the impact of cyber attacks is important to mission planners. Mission impact evaluation approaches and tools provide a way to estimate the impact of cyber attacks on missions.

In an enterprise information environment, the system supports different business processes using the services provided by software and hardware assets. Attackers generally exploit vulnerabilities in assets; however, their ultimate objective is to impact the business processes that run on those assets. Each service can run on multiple assets, and one service can depend on another service. Therefore, evaluating the impact of a security event or a vulnerability on a set of services is a challenge. In this project, we have developed a graphical model to analyze the impact of attacks on business processes and services. We have also used a case study to show how the model computes the impact of attacks on business processes in a cloud environment.
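
The layering described above (assets, services, business processes) can be sketched as a small dependency graph. This is an added example, not the project's own model: the noisy-OR propagation rule, the travel-system names, and the compromise probabilities are all assumptions constructed for illustration.

```python
from math import prod

# Constructed sample data (hypothetical travel-management deployment).
ASSET_COMPROMISE = {"web-vm": 0.5, "db-vm": 0.2, "pay-gw": 0.0}  # P(asset compromised)
SERVICE_HOSTS = {            # service -> assets it runs on
    "booking-api": ["web-vm"],
    "reservation-db": ["db-vm"],
    "payment": ["pay-gw"],
}
SERVICE_DEPS = {             # service -> services it depends on
    "booking-api": ["reservation-db"],
    "reservation-db": [],
    "payment": [],
}
PROCESS_SERVICES = {         # business process -> services it needs
    "airline reservation": ["booking-api", "payment"],
    "refund handling": ["payment"],
}

def noisy_or(probs):
    """P(at least one cause fires), assuming independent causes (assumed rule)."""
    return 1.0 - prod(1.0 - p for p in probs)

def service_impact(service, _stack=()):
    """Impact on a service from its hosting assets and, transitively, its dependencies."""
    if service in _stack:
        # A cyclic dependency would recurse forever; surface it as a modelling error.
        raise ValueError(f"dependency cycle through {service!r}")
    causes = [ASSET_COMPROMISE[a] for a in SERVICE_HOSTS[service]]
    causes += [service_impact(d, _stack + (service,)) for d in SERVICE_DEPS[service]]
    return noisy_or(causes)

def mission_impact():
    """Impact score per business process, highest first."""
    scores = {p: noisy_or(service_impact(s) for s in svcs)
              for p, svcs in PROCESS_SERVICES.items()}
    return dict(sorted(scores.items(), key=lambda kv: -kv[1]))

if __name__ == "__main__":
    for process, score in mission_impact().items():
        print(f"{process}: {score:.2f}")
```

The database asset's risk reaches "airline reservation" only through the service dependency, which is the cross-layer effect that makes per-asset vulnerability scores insufficient for mission planners.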

Contacts

Dr. Anoop Singhal - National Institute of Standards and Technology / Computer Security Division
anoop.singhal@nist.gov
301-975-4432

Created November 30, 2016, Updated June 22, 2020