TY - GEN
T1 - Check your blind spot: a new cyber-security metric for measuring incident response readiness
AU - Aziz, Benjamin
AU - Malik, Ali
AU - Jung, Jeyong
PY - 2017/4/25
Y1 - 2017/4/25
N2 - This paper presents some ideas on defining and implementing a new Cyber-security risk metric for measuring the readiness of organisations, in terms of the availability of their resources, in dealing with new attack incidents launched against their infrastructures whilst recovering from ongoing incidents. Our new metric, the Mean Blind Spot, is defined as the average interval between the recovery time of an existing incident and the occurrence time of a new incident. It is therefore designed to capture those time intervals where the organisation is most vulnerable due to possible lack of available resources. We present an approach for implementing our new metric using open data on security incidents available from the VERIS community dataset.
UR - https://www.fokus.fraunhofer.de/en/events/risk_2016
U2 - 10.1007/978-3-319-57858-3_3
DO - 10.1007/978-3-319-57858-3_3
M3 - Conference contribution
VL - 10224
T3 - Lecture Notes in Computer Science
SP - 19
EP - 33
BT - Proceedings of the 4th International Workshop on Risk Assessment and Risk-driven Testing
PB - Springer
T2 - 4th International Workshop on Risk Assessment and Risk-driven Quality Assurance
Y2 - 18 October 2016
ER -