Date of Award
Spring 2019
Document Type
Dissertation
Degree Name
Doctor of Philosophy (PhD)
Department
Engineering Management & Systems Engineering
Committee Director
Adrian Gheorghe
Committee Member
C. Ariel Pinto
Committee Member
Charles B. Daniels
Committee Member
Hayretdin Bahsi
Abstract
Ensuring the security of cyberspace is one of the most significant challenges of the modern world because of its complexity. As the cyber environment becomes more integrated with the real world, cybersecurity problems frequently have a direct impact on actual business. Therefore, operational and strategic decision makers in particular need to understand the cyber environment and its potential impact on business. Cyber risk has become a top agenda item for businesses all over the world and is listed as one of the most serious global risks with significant financial implications for businesses.
Risk analysis is one of the primary tools used in this endeavor. Impact assessment, as an integral part of risk analysis, tries to estimate the possible damage of a cyber threat on business. It provides the main insight into risk prioritization as it incorporates business requirements into risk analysis for a better balance of security and usability. Moreover, impact assessment constitutes the main body of information flow between technical people and business leaders. Therefore, it requires the effective synergy of technological and business aspects of cybersecurity for protection against cyber threats.
The purpose of this research is to develop a methodology to quantify the impact of cybersecurity events, incidents, and threats. The developed method addresses the issue of impact quantification from an interdependent system of systems point of view. The objectives of this research are (1) developing a quantitative model to determine the impact propagation within a layer of an enterprise (i.e., asset, service or business process layer); (2) developing a quantitative model to determine the impact propagation among different layers within an enterprise; and (3) developing an approach to estimate the economic cost of a cyber incident or event.
Although there are various studies in cybersecurity risk quantification, only a few studies focus on impact assessment at the business process layer by considering ripple effects at both the horizontal and vertical layers. This research develops an approach that quantifies the economic impact of cyber incidents, events and threats to business processes by considering the horizontal and vertical interdependencies and impact propagation within and among layers.
DOI
10.25777/01m9-z315
ISBN
9781085627788
Recommended Citation
Tatar, Unal. "Quantifying Impact of Cyber Actions on Missions or Business Processes: A Multilayer Propagative Approach" (2019). Doctor of Philosophy (PhD), Dissertation, Engineering Management & Systems Engineering, Old Dominion University, DOI: 10.25777/01m9-z315
https://digitalcommons.odu.edu/emse_etds/144
ORCID
0000-0001-8233-9566
Included in
Industrial Engineering Commons, Information Security Commons, Risk Analysis Commons, Systems Engineering Commons