{"title":"网络威胁、风险和预防成本的仿真建模","authors":"James E. Lerums, La'Reshia D. Poe, J. E. Dietz","doi":"10.1109/EIT.2018.8500240","DOIUrl":null,"url":null,"abstract":"Money spent on cybersecurity doesn't easily translate into an increase in an organization's operational success or increase in revenues and profitability. However, an organization suffering from a cyber-attack could incur significant additional costs which can detrimentally impact an organization trivially or catastrophically. This paper introduces a simulation model for analyzing the effectiveness versus cost of cyber security options. The outcomes of this study is a simulation model using state charts capable of running a configurable attack scenario several times for a specified enterprise network and threat. Given publicly available information our findings after running a phishing attack on a departmental workstation with the internal network's domain controller as the final target revealed that the overall success rate of a phishing attack reaching any node in a “generic enterprise” architecture is 20%, with less than 0% of the attacks reaching the intended target.","PeriodicalId":188414,"journal":{"name":"2018 IEEE International Conference on Electro/Information Technology (EIT)","volume":"90 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-05-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":"{\"title\":\"Simulation Modeling Cyber Threats, Risks, and Prevention Costs\",\"authors\":\"James E. Lerums, La'Reshia D. Poe, J. E. Dietz\",\"doi\":\"10.1109/EIT.2018.8500240\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Money spent on cybersecurity doesn't easily translate into an increase in an organization's operational success or increase in revenues and profitability. However, an organization suffering from a cyber-attack could incur significant additional costs which can detrimentally impact an organization trivially or catastrophically. This paper introduces a simulation model for analyzing the effectiveness versus cost of cyber security options. The outcomes of this study is a simulation model using state charts capable of running a configurable attack scenario several times for a specified enterprise network and threat. Given publicly available information our findings after running a phishing attack on a departmental workstation with the internal network's domain controller as the final target revealed that the overall success rate of a phishing attack reaching any node in a “generic enterprise” architecture is 20%, with less than 0% of the attacks reaching the intended target.\",\"PeriodicalId\":188414,\"journal\":{\"name\":\"2018 IEEE International Conference on Electro/Information Technology (EIT)\",\"volume\":\"90 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-05-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"6\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 IEEE International Conference on Electro/Information Technology (EIT)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/EIT.2018.8500240\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE International Conference on Electro/Information Technology (EIT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EIT.2018.8500240","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Simulation Modeling Cyber Threats, Risks, and Prevention Costs
Money spent on cybersecurity doesn't easily translate into an increase in an organization's operational success or increase in revenues and profitability. However, an organization suffering from a cyber-attack could incur significant additional costs which can detrimentally impact an organization trivially or catastrophically. This paper introduces a simulation model for analyzing the effectiveness versus cost of cyber security options. The outcomes of this study is a simulation model using state charts capable of running a configurable attack scenario several times for a specified enterprise network and threat. Given publicly available information our findings after running a phishing attack on a departmental workstation with the internal network's domain controller as the final target revealed that the overall success rate of a phishing attack reaching any node in a “generic enterprise” architecture is 20%, with less than 0% of the attacks reaching the intended target.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
