Cyber resilience requirements may be implemented either to comply with regulatory obligations or to align with industry best practices. They enable organizations to demonstrate that they are capable of anticipating, withstanding, recovering from, and adapting to difficult situations and stresses. In this context, metrics can be used in a structured way to demonstrate these capabilities. These are conceptual data repositories that define and standardize information. They must be clearly defined, effectively implemented, and continuously monitored. According to [30] metrics are measures and assessment results intended to track progress, support decision-making, and enhance performance against defined targets. In this paper, we propose an approach for eliciting and selecting cyber resilience metrics that considers the enterprise architecture layers defined by TOGAF. Once selected, we propose a quantitative approach to evaluate the cyber-resilience level of a capability and a Petri net model to represent the interdependencies between cyber-resilience across the enterprise architecture layers.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Eliciting Metrics and Evaluating Cyber Resilience of a Capability in the Context of a Multilayer Enterprise Architecture

  • Francis Wanko Naa,
  • Nora Boulahia-Cuppens,
  • Frederic Cuppens

摘要

Cyber resilience requirements may be implemented either to comply with regulatory obligations or to align with industry best practices. They enable organizations to demonstrate that they are capable of anticipating, withstanding, recovering from, and adapting to difficult situations and stresses. In this context, metrics can be used in a structured way to demonstrate these capabilities. These are conceptual data repositories that define and standardize information. They must be clearly defined, effectively implemented, and continuously monitored. According to [30] metrics are measures and assessment results intended to track progress, support decision-making, and enhance performance against defined targets. In this paper, we propose an approach for eliciting and selecting cyber resilience metrics that considers the enterprise architecture layers defined by TOGAF. Once selected, we propose a quantitative approach to evaluate the cyber-resilience level of a capability and a Petri net model to represent the interdependencies between cyber-resilience across the enterprise architecture layers.