Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.

Https

The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Assessing the Impact on Business Processes by Interconnecting Attack Graphs and Entity Dependency Graphs

Published

Author(s)

Chen Cao, Lunpin Yuan, Anoop Singhal, Peng Liu, Xiaoyan Sun, S Zhu

Abstract

In a business-process-support enterprise network, cyber defense and cyber resilience usually become ineffective and even fail in defeating cyberattacks. One of the primary causes is the ineffectiveness of business process impact assessment in the enterprise network. In this paper, we propose a new business process impact assessment method, which measures the impact of an attack towards a business-process- support enterprise network and produces a numerical score for this impact. The key idea is that all attacks derive from exploiting vulnerabilities in the enterprise network, and the impact score is the function result of the severity of the vulnerabilities and the relations between vulnerabilities and business processes. This paper conducts a case study systematically and the result shows the effectiveness of our method.
Proceedings Title
DBSec 2018: Data and Applications Security and Privacy XXXII
Volume
10980
Conference Dates
July 16-18, 2018
Conference Location
Bergamo, -1
Conference Title
IFIP International Conference on Database and Application Security and Privacy (DBSEC 2018)

Keywords

Mission Impact, Active Cyber Defense, Cloud Computing, Attack Graphs
Created July 10, 2018, Updated July 27, 2018