A Pragmatic System-failure Assessment and Response Model

Jassim Happa; Graham Fairclough; Jason R. C. Nurse; Ioannis Agrafiotis; Michael Goldsmith; Sadie Creese

doi:10.5220/0005795105030508

A Pragmatic System-failure Assessment and Response Model

Jassim Happa, Graham Fairclough, Jason R. C. Nurse, Ioannis Agrafiotis, Michael Goldsmith, Sadie Creese

2016

Abstract

Several attack models exist today that attempt to describe cyber-attacks to varying degrees of granularity. Fast and effective decision-making during cyber-attacks is often vital, especially during incidents in which reputation, finance and physical damage can have a crippling effect on people and organisations. Such attacks can render an organisation paralysed, and it may cease to function, we refer to such an incident as a “System Failure”. In this paper we propose a novel conceptual model to help analysts make pragmatic decisions during a System Failure. Our model distils the essence of attacks and provides an easy-to-remember framework intended to help analysts ask relevant questions at the right time, irrespective of what data is available to them. Using abstraction-based reasoning our model allows enterprises to achieve “some” situational awareness during a System Failure, but more importantly, enable them to act upon their understanding and to justify their decisions. Abstraction drives the reasoning process making the approach relevant today and in the future, unlike several existing models that become deprecated over time (as attacks evolve). In the future, it will be necessary to trial the model in exercises to assess its value.

Download

Paper Citation

in Harvard Style

Happa J., Fairclough G., Nurse J., Agrafiotis I., Goldsmith M. and Creese S. (2016). A Pragmatic System-failure Assessment and Response Model . In Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-167-0, pages 503-508. DOI: 10.5220/0005795105030508

in Bibtex Style

@conference{icissp16,
author={Jassim Happa and Graham Fairclough and Jason R. C. Nurse and Ioannis Agrafiotis and Michael Goldsmith and Sadie Creese},
title={A Pragmatic System-failure Assessment and Response Model},
booktitle={Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2016},
pages={503-508},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005795105030508},
isbn={978-989-758-167-0},
}

in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - A Pragmatic System-failure Assessment and Response Model
SN - 978-989-758-167-0
AU - Happa J.
AU - Fairclough G.
AU - Nurse J.
AU - Agrafiotis I.
AU - Goldsmith M.
AU - Creese S.
PY - 2016
SP - 503
EP - 508
DO - 10.5220/0005795105030508