Optimizing the RoI of cyber risk mitigation

Mohammed Noraden Alsaleh; Ghaith Husari; Ehab Al-Shaer

doi:10.1109/CNSM.2016.7818421

Optimizing the RoI of cyber risk mitigation

Mohammed Noraden Alsaleh
, Ghaith Husari
, Ehab Al-Shaer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

In this paper, we present a security analytics framework that augments host compliance reports with network configuration to assess the risk globally and devise cost-effective mitigation plans. We define metrics to measure the global enterprise risk based on network assets' vulnerabilities, their inter-dependencies, and network configurations. Our framework takes the decision burden away from administrators by automatically recommending cost-effective mitigation actions that achieve the expected return on investment (RoI). We use XCCDF, a language defined as part of the Security Content Automation Protocol (SCAP), to communicate the compliance benchmarking and scoring reports. In addition, we utilize the basic metrics defined in the standard vulnerability scoring systems, such as CVSS, to accurately assess the global risk. We formalize our proposed mitigation planning solution as a constraints satisfaction problem and we solve it using the Z3 SMT solver.

Original language	English
Title of host publication	2016 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016, and International Workshop on Green ICT and Smart Networking, GISN 2016
Editors	Shannon Keith-Marsoun, Carlos Raniery Paula dos Santos, Noura Limam, Mohamed Cheriet, Mohamed Faten Zhani, Olivier Festor
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	223-227
Number of pages	5
ISBN (Electronic)	9783901882852
DOIs	https://doi.org/10.1109/CNSM.2016.7818421
State	Published - 13 Jan 2017
Externally published	Yes
Event	12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016 and International Workshop on Green ICT and Smart Networking, GISN 2016 - Montreal, Canada Duration: 31 Oct 2016 → 4 Nov 2016

Publication series

Name	2016 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016, and International Workshop on Green ICT and Smart Networking, GISN 2016

Conference

Conference	12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016 and International Workshop on Green ICT and Smart Networking, GISN 2016
Country/Territory	Canada
City	Montreal
Period	31/10/16 → 4/11/16

Bibliographical note

Publisher Copyright:
© 2016 IFIP.

ASJC Scopus subject areas

Computer Networks and Communications
Computer Science Applications
Hardware and Architecture
Information Systems
Information Systems and Management

Access to Document

10.1109/CNSM.2016.7818421

Cite this

Alsaleh, M. N., Husari, G., & Al-Shaer, E. (2017). Optimizing the RoI of cyber risk mitigation. In S. Keith-Marsoun, C. R. P. dos Santos, N. Limam, M. Cheriet, M. F. Zhani, & O. Festor (Eds.), 2016 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016, and International Workshop on Green ICT and Smart Networking, GISN 2016 (pp. 223-227). Article 7818421 (2016 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016, and International Workshop on Green ICT and Smart Networking, GISN 2016). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CNSM.2016.7818421

Alsaleh, Mohammed Noraden ; Husari, Ghaith ; Al-Shaer, Ehab. / Optimizing the RoI of cyber risk mitigation. 2016 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016, and International Workshop on Green ICT and Smart Networking, GISN 2016. editor / Shannon Keith-Marsoun ; Carlos Raniery Paula dos Santos ; Noura Limam ; Mohamed Cheriet ; Mohamed Faten Zhani ; Olivier Festor. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 223-227 (2016 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016, and International Workshop on Green ICT and Smart Networking, GISN 2016).

@inproceedings{3aaec966aad04c68a534f0d60a9ec9df,

title = "Optimizing the RoI of cyber risk mitigation",

abstract = "In this paper, we present a security analytics framework that augments host compliance reports with network configuration to assess the risk globally and devise cost-effective mitigation plans. We define metrics to measure the global enterprise risk based on network assets' vulnerabilities, their inter-dependencies, and network configurations. Our framework takes the decision burden away from administrators by automatically recommending cost-effective mitigation actions that achieve the expected return on investment (RoI). We use XCCDF, a language defined as part of the Security Content Automation Protocol (SCAP), to communicate the compliance benchmarking and scoring reports. In addition, we utilize the basic metrics defined in the standard vulnerability scoring systems, such as CVSS, to accurately assess the global risk. We formalize our proposed mitigation planning solution as a constraints satisfaction problem and we solve it using the Z3 SMT solver.",

author = "Alsaleh, \{Mohammed Noraden\} and Ghaith Husari and Ehab Al-Shaer",

note = "Publisher Copyright: {\textcopyright} 2016 IFIP.; 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016 and International Workshop on Green ICT and Smart Networking, GISN 2016 ; Conference date: 31-10-2016 Through 04-11-2016",

year = "2017",

month = jan,

day = "13",

doi = "10.1109/CNSM.2016.7818421",

language = "English",

series = "2016 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016, and International Workshop on Green ICT and Smart Networking, GISN 2016",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "223--227",

editor = "Shannon Keith-Marsoun and \{dos Santos\}, \{Carlos Raniery Paula\} and Noura Limam and Mohamed Cheriet and Zhani, \{Mohamed Faten\} and Olivier Festor",

booktitle = "2016 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016, and International Workshop on Green ICT and Smart Networking, GISN 2016",

address = "United States",

}

Alsaleh, MN, Husari, G & Al-Shaer, E 2017, Optimizing the RoI of cyber risk mitigation. in S Keith-Marsoun, CRP dos Santos, N Limam, M Cheriet, MF Zhani & O Festor (eds), 2016 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016, and International Workshop on Green ICT and Smart Networking, GISN 2016., 7818421, 2016 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016, and International Workshop on Green ICT and Smart Networking, GISN 2016, Institute of Electrical and Electronics Engineers Inc., pp. 223-227, 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016 and International Workshop on Green ICT and Smart Networking, GISN 2016, Montreal, Canada, 31/10/16. https://doi.org/10.1109/CNSM.2016.7818421

Optimizing the RoI of cyber risk mitigation. / Alsaleh, Mohammed Noraden; Husari, Ghaith; Al-Shaer, Ehab.
2016 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016, and International Workshop on Green ICT and Smart Networking, GISN 2016. ed. / Shannon Keith-Marsoun; Carlos Raniery Paula dos Santos; Noura Limam; Mohamed Cheriet; Mohamed Faten Zhani; Olivier Festor. Institute of Electrical and Electronics Engineers Inc., 2017. p. 223-227 7818421 (2016 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016, and International Workshop on Green ICT and Smart Networking, GISN 2016).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Optimizing the RoI of cyber risk mitigation

AU - Alsaleh, Mohammed Noraden

AU - Husari, Ghaith

AU - Al-Shaer, Ehab

PY - 2017/1/13

Y1 - 2017/1/13

N2 - In this paper, we present a security analytics framework that augments host compliance reports with network configuration to assess the risk globally and devise cost-effective mitigation plans. We define metrics to measure the global enterprise risk based on network assets' vulnerabilities, their inter-dependencies, and network configurations. Our framework takes the decision burden away from administrators by automatically recommending cost-effective mitigation actions that achieve the expected return on investment (RoI). We use XCCDF, a language defined as part of the Security Content Automation Protocol (SCAP), to communicate the compliance benchmarking and scoring reports. In addition, we utilize the basic metrics defined in the standard vulnerability scoring systems, such as CVSS, to accurately assess the global risk. We formalize our proposed mitigation planning solution as a constraints satisfaction problem and we solve it using the Z3 SMT solver.

AB - In this paper, we present a security analytics framework that augments host compliance reports with network configuration to assess the risk globally and devise cost-effective mitigation plans. We define metrics to measure the global enterprise risk based on network assets' vulnerabilities, their inter-dependencies, and network configurations. Our framework takes the decision burden away from administrators by automatically recommending cost-effective mitigation actions that achieve the expected return on investment (RoI). We use XCCDF, a language defined as part of the Security Content Automation Protocol (SCAP), to communicate the compliance benchmarking and scoring reports. In addition, we utilize the basic metrics defined in the standard vulnerability scoring systems, such as CVSS, to accurately assess the global risk. We formalize our proposed mitigation planning solution as a constraints satisfaction problem and we solve it using the Z3 SMT solver.

UR - https://www.scopus.com/pages/publications/85013652399

U2 - 10.1109/CNSM.2016.7818421

DO - 10.1109/CNSM.2016.7818421

M3 - Conference contribution

AN - SCOPUS:85013652399

T3 - 2016 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016, and International Workshop on Green ICT and Smart Networking, GISN 2016

SP - 223

EP - 227

BT - 2016 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016, and International Workshop on Green ICT and Smart Networking, GISN 2016

A2 - Keith-Marsoun, Shannon

A2 - dos Santos, Carlos Raniery Paula

A2 - Limam, Noura

A2 - Cheriet, Mohamed

A2 - Zhani, Mohamed Faten

A2 - Festor, Olivier

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016 and International Workshop on Green ICT and Smart Networking, GISN 2016

Y2 - 31 October 2016 through 4 November 2016

ER -

Alsaleh MN, Husari G, Al-Shaer E. Optimizing the RoI of cyber risk mitigation. In Keith-Marsoun S, dos Santos CRP, Limam N, Cheriet M, Zhani MF, Festor O, editors, 2016 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016, and International Workshop on Green ICT and Smart Networking, GISN 2016. Institute of Electrical and Electronics Engineers Inc. 2017. p. 223-227. 7818421. (2016 12th International Conference on Network and Service Management, CNSM 2016 and Workshops, 3rd International Workshop on Management of SDN and NFV, ManSDN/NFV 2016, and International Workshop on Green ICT and Smart Networking, GISN 2016). doi: 10.1109/CNSM.2016.7818421

Optimizing the RoI of cyber risk mitigation

Abstract

Publication series

Conference

Bibliographical note

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this