//
you're reading...
Information Security, IT & TECHNOLOGY

Improving Metrics in Cyber Resiliency: A Study from CSA


With the growth in cloud computing, businesses rely on the network to access information about operational assets being stored away from the local server. Decoupling information assets from other operational assets could result in poor operational resiliency if the cloud is compromised. Therefore, to keep the operational resiliency unaffected, it is essential to bolster information asset resiliency in the cloud.

To study the resiliency of cloud computing, the CSA formed a research team consisting of members from both private and public sectors within the Incident Management and Forensics Working Group and the Cloud Cyber Incident Sharing Center.

To measure cyber resiliency, the team leveraged a model developed to measure the resiliency of a community after an earthquake. Expanding this model to cybersecurity introduced two new variables that could be used to improve cyber resiliency.

  • Elapsed Time to Identify Failure (ETIF)
  • Elapsed Time to Identify Threat (ETIT)

Measuring these and developing processes to lower the values of ETIF and ETIT can improve the resiliency of an information system.

The study also looked at recent cyberattacks and measured ETIF for each of the attacks. The result showed that the forensic analysis process is not standard across all industries and, as such, the data in the public domain are not comparable. Therefore, to improve cyber resiliency, the team recommends that the calculation and publication of ETIF be transferred to an independent body (such as companies in IDS space) from the companies that experienced cyberattacks. A technical framework and appropriate regulatory framework need to be created to enable the measurement and reporting of ETIF and ETIT.

Download the full study.

Dr. Senthil Arul, Lead Author, Improving Metrics in Cyber Resiliency

[Cloud Security Alliance Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Web Stats

  • 121,046 hits
@PhilipHungCao

@PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2,357 other followers

Twitter Updates

Archives

September 2017
M T W T F S S
« Aug   Oct »
 123
45678910
11121314151617
18192021222324
252627282930  
%d bloggers like this: