@inproceedings{bd2d865129f04431a2f4c95952008752,
title = "Assessing attack impact on business processes by interconnecting attack graphs and entity dependency graphs",
abstract = "Cyber-defense and cyber-resilience techniques sometimes fail in defeating cyber-attacks. One of the primary causes is the ineffectiveness of business process impact assessment in the enterprise network. In this paper, we propose a new business process impact assessment method, which measures the impact of an attack towards a business-process-support enterprise network and produces a numerical score for this impact. The key idea is that all attacks are performed by exploiting vulnerabilities in the enterprise network. So the impact scores for business processes are the function result of the severity of the vulnerabilities and the relations between vulnerabilities and business processes. This paper conducts a case study systematically and the result shows the effectiveness of our method.",
author = "Chen Cao and Yuan, {Lun Pin} and Anoop Singhal and Peng Liu and Xiaoyan Sun and Sencun Zhu",
note = "Publisher Copyright: {\textcopyright} IFIP International Federation for Information Processing 2018.; 32nd Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2018 ; Conference date: 16-07-2018 Through 18-07-2018",
year = "2018",
doi = "10.1007/978-3-319-95729-6_21",
language = "English (US)",
isbn = "9783319957289",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "330--348",
editor = "Stefano Paraboschi and Florian Kerschbaum",
booktitle = "Data and Applications Security and Privacy XXXII - 32nd Annual IFIP WG 11.3 Conference, DBSec 2018, Proceedings",
address = "Germany",
}