NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Assessing the Impact on Business Processes by Interconnecting Attack Graphs and Entity Dependency Graphs

Published

Author(s)

Chen Cao, Lunpin Yuan, Anoop Singhal, Peng Liu, Xiaoyan Sun, S Zhu

Abstract

In a business-process-support enterprise network, cyber defense and cyber resilience usually become ineffective and even fail in defeating cyberattacks. One of the primary causes is the ineffectiveness of business process impact assessment in the enterprise network. In this paper, we propose a new business process impact assessment method, which measures the impact of an attack towards a business-process- support enterprise network and produces a numerical score for this impact. The key idea is that all attacks derive from exploiting vulnerabilities in the enterprise network, and the impact score is the function result of the severity of the vulnerabilities and the relations between vulnerabilities and business processes. This paper conducts a case study systematically and the result shows the effectiveness of our method.
Proceedings Title
DBSec 2018: Data and Applications Security and Privacy XXXII
Volume
10980
Conference Dates
July 16-18, 2018
Conference Location
Bergamo, IT
Conference Title
IFIP International Conference on Database and Application Security and Privacy (DBSEC 2018)
Pub Type
Conferences

Download Paper

https://doi.org/10.1007/978-3-319-95729-6_21
Local Download

Keywords

Mission Impact, Active Cyber Defense, Cloud Computing, Attack Graphs
Information technology and Cybersecurity and privacy

Citation

Cao, C. , Yuan, L. , Singhal, A. , Liu, P. , Sun, X. and Zhu, S. (2018), Assessing the Impact on Business Processes by Interconnecting Attack Graphs and Entity Dependency Graphs, DBSec 2018: Data and Applications Security and Privacy XXXII , Bergamo, IT, [online], https://doi.org/10.1007/978-3-319-95729-6_21, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=925926 (Accessed October 9, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created July 9, 2018, Updated October 12, 2021
Was this page helpful?