Business Resilient Vulnerability Analysis for Dynamic High Security Environment

Vulnerability analysis methods have gained more interest in recent years, due to the publicity of international cyber attacks on critical infrastructure, emerging hacktivism and business reconnaissance. This shift has sparked discussion on the costs of risk management in software development. In this paper, we discuss vulnerability analysis in the context of critical systems: systems in which an operative outage endangers the continuity of the organization. As a solution to the expenses of improved information security, we define a concept termed business resilience, which offers a general reference point for relevant improvements to a system. In this context, business refers to any profit-centered element of an organization. We present an approach to determining the criticality of an identified threat to the business. We also propose a methodology for utilizing business resilience properties in dynamic environments, such as the high security networks used by the military. The discussion and views presented in this paper can be adopted by any organization concerned about sensitive and classified contents stored and communicated in current ICT systems in the context of cloud computing.