{"title":"Modeling Cybersecurity Operations to Improve Resilience","authors":"Ivan W. Taylor, Keith D. Willett","doi":"10.1002/iis2.13132","DOIUrl":null,"url":null,"abstract":"<p>In this paper, we explore the concept of operational resilience of a network or system of computer systems, focusing on the processes of a cybersecurity team within the multi-disciplinary network security operations center. The computer system under examination has faced a cyber-attack that has reduced its capability. The organization's reputation is damaged temporarily but can be restored if the network security operations center can quickly restore the organization's ability to produce desired results. After a cyber-attack, we examine the processes for restoring the system's capability to its original level. These processes will happen sequentially and require close coordination of the cybersecurity team members. We examine a balanced and adaptive assignment policy within the cybersecurity organization to the various processes, showing how these policies can impact the speed with which the system's capability can be restored. Our findings reveal that the adaptive assignment policy among the team members can increase the system restoration rate even though recovering the complete capability of the system may be the same.</p>","PeriodicalId":100663,"journal":{"name":"INCOSE International Symposium","volume":"34 1","pages":"53-71"},"PeriodicalIF":0.0000,"publicationDate":"2024-09-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"INCOSE International Symposium","FirstCategoryId":"1085","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/iis2.13132","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
In this paper, we explore the concept of operational resilience of a network or system of computer systems, focusing on the processes of a cybersecurity team within the multi-disciplinary network security operations center. The computer system under examination has faced a cyber-attack that has reduced its capability. The organization's reputation is damaged temporarily but can be restored if the network security operations center can quickly restore the organization's ability to produce desired results. We examine the processes for restoring the system's capability to its original level after a cyber-attack. These processes will happen sequentially and require close coordination of the cybersecurity team members. We examine balanced and adaptive policies for assigning members of the cybersecurity organization to the various processes, showing how these policies can impact the speed with which the system's capability can be restored. Our findings reveal that the adaptive assignment policy among the team members can increase the system restoration rate even though recovering the complete capability of the system may be the same.