DocumentCode
2742096
Title
An approach for estimating cyber attack level of effort
Author
Llanso, Thomas ; Dwivedi, Anurag ; Smeltzer, Michael
Author_Institution
Johns Hopkins Univ. Appl. Phys. Lab., Laurel, MD, USA
fYear
2015
fDate
13-16 April 2015
Firstpage
14
Lastpage
19
Abstract
Timely risk assessments allow organizations to gauge the degree to which cyber attacks threaten their mission/business objectives. Risk plots in such assessments typically include cyber attack likelihood values along with the impact. This paper describes an algorithm and an associated model that allow for estimation of one aspect of cyber attack likelihood, attack level of effort. The approach involves the use of an ordinal set of standardized attacker tiers, associated attacker capabilities, and protections (security controls) required to resist those capabilities.
Keywords
business data processing; organisational aspects; risk management; security of data; attacker capability; business objective; cyber attack likelihood value; mission objective; organizations; risk assessment; security control; standardized attacker tier; Context; NIST; Risk management; Security; Unified modeling language; Attack; Cyber; Level of Effort; Risk;
fLanguage
English
Publisher
ieee
Conference_Titel
Systems Conference (SysCon), 2015 9th Annual IEEE International
Conference_Location
Vancouver, BC
Type
conf
DOI
10.1109/SYSCON.2015.7116722
Filename
7116722
Link To Document