Title :
An approach for estimating cyber attack level of effort
Author :
Llanso, Thomas ; Dwivedi, Anurag ; Smeltzer, Michael
Author_Institution :
Johns Hopkins Univ. Appl. Phys. Lab., Laurel, MD, USA
Abstract :
Timely risk assessments allow organizations to gauge the degree to which cyber attacks threaten their mission/business objectives. Risk plots in such assessments typically include cyber attack likelihood values along with the impact. This paper describes an algorithm and an associated model that allow for estimation of one aspect of cyber attack likelihood, attack level of effort. The approach involves the use of an ordinal set of standardized attacker tiers, associated attacker capabilities, and protections (security controls) required to resist those capabilities.
Keywords :
business data processing; organisational aspects; risk management; security of data; attacker capability; business objective; cyber attack likelihood value; mission objective; organizations; risk assessment; security control; standardized attacker tier; Context; NIST; Risk management; Security; Unified modeling language; Attack; Cyber; Level of Effort; Risk;
Conference_Titel :
Systems Conference (SysCon), 2015 9th Annual IEEE International
Conference_Location :
Vancouver, BC
DOI :
10.1109/SYSCON.2015.7116722
