Check your blind spot: a new cyber-security metric for measuring incident response readiness

Benjamin Aziz, Ali Malik, Jeyong Jung

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1113 Downloads (Pure)

Abstract

This paper presents some ideas on defining and implementing a new Cyber-security risk metric for measuring the readiness of organisations, in terms of the availability of their resources, in dealing with new attack incidents launched against their infrastructures whilst recovering from ongoing incidents. Our new metric, the Mean Blind Spot, is defined as the average interval between the recovery time of an existing incident and the occurrence time of a new incident. It is therefore designed to capture those time intervals where the organisation is most vulnerable due to possible lack of available resources. We present an approach for implementing our new metric using open data on security incidents available from the VERIS community dataset.
Original languageEnglish
Title of host publicationProceedings of the 4th International Workshop on Risk Assessment and Risk-driven Testing
Subtitle of host publicationRISK 2016 Risk Assessment and Risk-driven Quality Assurance
PublisherSpringer
Pages19-33
Number of pages16
Volume10224
DOIs
Publication statusEarly online - 25 Apr 2017
Event4th International Workshop on Risk Assessment and Risk-driven Quality Assurance: RISK 2016 - Graz, Austria
Duration: 18 Oct 2016 → …

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743

Workshop

Workshop4th International Workshop on Risk Assessment and Risk-driven Quality Assurance
Country/TerritoryAustria
CityGraz
Period18/10/16 → …

Fingerprint

Dive into the research topics of 'Check your blind spot: a new cyber-security metric for measuring incident response readiness'. Together they form a unique fingerprint.

Cite this