Developing standard exercises and statistics to measure the impact of cyber defenses
Berninger, Matthew L.
MetadataShow full item record
As companies seek protection from cyber attacks, justifying proper levels of investment in cyber security is essential. Like all investments, cyber defense costs must be weighed against their expected benefits. While some cyber investment models exist that can relate costs and benefits, these models are largely untested with experimental data. This research develops an experimental framework and statistics for testing and measuring the efficacy of cyber mitigation methods, such that they can be integrated into existing cyber investment models. This work surveys cyber security investment models and frameworks. Using cyber exercises as a source of attack data, types of exercises and how information is recorded was studied. A proof of concept for an experimental framework able to record statistics on cyber exercise attacks and defenses was developed. The environment is intended to resemble that of an actual cyber attack, and to collect attack and defense data in a repeatable and technology-agnostic manner. Possible future work could illuminate mathematical relationships between threat and mitigation. Statistics and procedures are proposed that are applicable to the specific proposed and similar frameworks. Such statistics could be incorporated into cyber models, ultimately leading to a more rational understanding of cyber attack and defense.
Showing items related by title, author, creator and subject.
Mobile sensor networks a discrete event simulation of WMD threat detection in urban traffic schemes Hyink, Jeffrey F. (Monterey, California. Naval Postgraduate School, 2007-03);The rise of the threat of WMD attack on American soil necessitates new and innovative approaches to homeland security. A layered security model has been proposed in which an attacker must successfully penetrate multiple ...
Naval Postgraduate School Center for Homeland Defense and Security (CHDS) (Monterey, California. Naval Postgraduate SchoolCenter for Homeland Defense and Security, 2009-09);September 2009. The overarching theme of this issue of Homeland Security Affairs is response – to public health emergencies, natural and man-made disasters, threats of nuclear attack, and the messages of terrorists. One ...
Optimizing Department of Homeland Security Defense Investments: Applying Defender‐Attacker (‐Defender) Optimization to Terror Risk Assessment and Mitigation Brown, G.; Carlyle, M.; Wood, K. (2008);The U.S. Department of Homeland Security (DHS) is investing billions of dollars to protect us from terrorist attacks and their expected damage (i.e., risk). We present prescriptive optimization models to guide these ...