Mon, Nov 4, 2024
[Archive]
Volume 15, Issue 3 (9-2023)
itrc 2023, 15(3): 21-30 |
Back to browse issues page
Download citation:
BibTeX | RIS | EndNote | Medlars | ProCite | Reference Manager | RefWorks
Send citation to:
BibTeX | RIS | EndNote | Medlars | ProCite | Reference Manager | RefWorks
Send citation to:
FarahaniNia S, Dehghan M, Sadeghiyan B, Niksefat S. Impact Assessment for Cyber Security Situation Awareness. itrc 2023; 15 (3) :21-30
URL: http://journal.itrc.ac.ir/article-1-621-en.html
URL: http://journal.itrc.ac.ir/article-1-621-en.html
1- Department of Computer Engineering Amirkabir University of Technology Tehran, Iran
2- Department of Industrial and Systems Engineering Tarbiat Modares University Tehran, Iran ,m_dehghan@modares.ac.ir
3- APA Research Center Amirkabir University of Technology Tehran, Iran
2- Department of Industrial and Systems Engineering Tarbiat Modares University Tehran, Iran ,
3- APA Research Center Amirkabir University of Technology Tehran, Iran
Abstract: (1651 Views)
Cyber security situation awareness is important for the analysis of cyberspace, and detection of ever-changing threats. As computer networks and systems continue to increase in complexity and sophistication, the requirements and on a cybersecurity operator increase as well. In this paper, we propose a simulation system to assess the impacts of attacks on cyber assets and identify critical assets. Our proposed system helps to have better situation awareness. For this purpose, we first generate the business process model of the organization. This business process model not only contains information about the mission activities but also contains features of the process itself and the context in which the system operates. Then, we determine the dependency between the processes and the cyber assets of an enterprise. Finally, we simulate some attacks on cyber assets. We evaluate the impacts of attacks on the cyber assets and asset-dependent processes by comparing the Measure of Effectiveness before and after of attack simulation.
Keywords: Cyber Security, Situation Awareness, Business Process Model, Simulation, Cyber Attack, Measure of Effectiveness, Impcat Assessment
Type of Study: Research |
Subject:
Information Technology
References
1. [1] K. K. R. Choo, "The Cyber Threat Landscape: Challenges and Future Research Directions", Computers & security, vol. 30, no.8, pp. 719-731, 2011. [DOI:10.1016/j.cose.2011.08.004]
2. [2] M. R. Endsley , Toward a Theory of Situation Awareness in Dynamic Systems, Human Factors, vol. 37, no.1, pp. 32-64,1995b. [DOI:10.1518/001872095779049543]
3. [3] D. Sola, et al., On the Use of Knowledge Graph Completion Methods for Activity Recommendation in Business Process Modeling, In International Conference on Business Process Management, pp. 5-17. Springer, Cham, 2021. [DOI:10.1007/978-3-030-94343-1_1]
4. [4] S. Emilio, I. A. Amantea, and G. Fornero, Risk-aware Business Process Modeling: a Comparison of Discrete Event and Agent-based Approaches, In 2019 Winter Simulation Conference (WSC), pp. 3152-3159. IEEE, 2019.
5. [5] B. Tim, and R. Cooke, Probabilistic Risk Analysis: Foundations and Methods, Cambridge University Press, 2001.
6. [6] L. Manuel, and J. Marklund, Business Process Modeling, Simulation and Design, Chapman and Hall/CRC, 2018.
7. [7] P. Pille, et al., Privacy-enhanced BPMN: Enabling Data Privacy Analysis in Business Processes Models, Software and Systems Modeling, vol. 18, no. 6, pp. 3235-3264, 2019. [DOI:10.1007/s10270-019-00718-z]
8. [8] B. L. James, Quality Function Deployment: a Practitioner's Approach CRC Press, 2021.
9. [9] T, Hsin-Yi, and Y. Huang, An Analytic Hierarchy Process based Risk Assessment Method for Wireless Networks, IEEE Transactions on Reliability, vol. 60, no. 4. pp. 801-816, 2011. [DOI:10.1109/TR.2011.2170117]
10. [10] J. Watters, et al., The Risk-to-Mission Assessment Process (RiskMAP): A Sensitivity Analysis and an Extension to Treat Volume 15- Number 3 - 2023 (21 -30) 29 Confidentiality Issues, MITRE CORP MCLEAN VA Report,2009 Jul 1.
11. [11] C. J. Alberts, and A. J. Dorofee, Mission Assurance Analysis Protocol (MAAP): Assessing Risk in Complex Environments, CARNEGIE- MELLON UNIV PITTSBURGH PA SOFTWARE ENGINEERING INST Report, 2005 Sep 1. [DOI:10.21236/ADA441906]
12. [12] R. A. CARALLI, et al., Improving the Information Security Risk Assessment Process, Carnegie-Mellon Univ Pittsburgh PA Software Engineering Inst Report, 2007.
13. [13] A. Blyth, and G. Kovacich, Information Assurance: Security in the Information, Cambridge: Springer, 2006.
14. [14] A. Ravi, Managing Business Process Flows: Principles of Operations Management, 2/E. Pearson Education India, 2008.
15. [15] bpmn-js: https://bpmn.io/toolkit/bpmn-js/
Send email to the article author
| Rights and permissions | |
 | This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. |
