![Sample our Computer Science journals, sign in here to start your access, latest two full volumes FREE to you for 14 days]({"type":"image" , "src" : "/sda/5928/TOC-Subject-Sample-2021-Computer-Science.jpg"})
ABSTRACT
This paper presents a novel simulation for estimating the impact of cyber attacks. Current approaches have adopted the probabilistic risk analysis in order to estimate the impact of attacks mostly on assets or business processes. More recent approaches involve vulnerability analysis on networks of systems and sensor input from third-party detection tools in order to identify attack paths. All these methods are focusing on one level at a time, defining impact in terms of confidentiality, integrity, and availability, failing to place people and technology together in an organization’s functional context. We propose an interdependency impact assessment approach, focusing on the responsibilities and the dependencies that flow through the supply chain, mapping them down into an agent-based socio-technical model. This method is useful for modeling consequences across all levels of organizations networks—business processes, business roles, and systems. We are aiming to make chaining analysis on threat scenarios and perform impact assessment, providing situational awareness for cyber defense purposes. Although the model has various applications, our case study is specifically focusing on critical information infrastructures due to the criticality of the systems and the fact that the area is still lacking security-focused research and heavily relies on reliability theory and failure rate.
Additional information
Notes on contributors
Konstantinia Charitoudi
Konstantinia Charitoudi has a Computer Science degree and is currently pursuing a PhD in Information Security at the University of South Wales, UK. Her main focus of research is on cyber attack impact assessment simulations on the critical infrastructure. More specifically, she is looking into ways of identifying the propagation of the impact of a cyber attack on the critical infrastructure from the lower physical level to the functions level, all the way up to the personnel roles level.
Andrew J. C. Blyth
Andrew J. C. Blyth is Head of the Information Security Research Group & GSC-CSIRT at the Faculty of Computing, Engineering and Science, University of South Wales. Professor Blyth is one the leading researchers in Information Security in the United Kingdom.