Title :
Managing business health in the presence of malicious attacks
Author :
Zonouz, Saman A. ; Sharma, Aashish ; Ramasamy, HariGovind V. ; Kalbarczyk, Zbigniew T. ; Pfitzmann, Birgit ; McAuliffe, Kevin ; Iyer, Ravishankar K. ; Sanders, William H. ; Cop, Eric
Author_Institution :
Univ. of Illinois at Urbana-Champaign, Champaign, IL, USA
Abstract :
Business metrics play a critical role in determining the best system-level configuration to achieve an organizational business-level goal. We present a framework for reasoning about business-level implications of malicious attacks affecting information technology (IT) systems that underlie various business processes. Through an exemplar web-based retail company scenario, we demonstrate how to quantify both the relative value of the individual business processes, and the relative cost to the business caused by breach of key security properties. The framework allows for mapping business-level metrics to IT system-level metrics, and uses a combination of those metrics to recommend optimal response actions and to guide recovery from security attacks. We validate the framework against three high-impact attack classes common in such web-based retail company situations.
Keywords :
Internet; business data processing; computer crime; organisational aspects; retail data processing; IT system level metrics; Web based retail company; business health management; information technology system; key security property; malicious attack; organizational business level goal; Business; Databases; Engines; Measurement; Security; Servers; Subspace constraints;
Conference_Title :
Dependable Systems and Networks Workshops (DSN-W), 2011 IEEE/IFIP 41st International Conference on
Conference_Location :
Hong Kong
Print_ISBN :
978-1-4577-0374-4
Electronic_ISBN :
978-1-4577-0373-7
DOI :
10.1109/DSNW.2011.5958856