Abstract
This paper presents some ideas on defining and implementing a new cyber-security risk metric for measuring the readiness of organisations, in terms of the availability of their resources, in dealing with new attack incidents launched against their infrastructures whilst recovering from ongoing incidents. Our new metric, the Mean Blind Spot, is defined as the average interval between the recovery time of an existing incident and the occurrence time of a new incident. It is therefore designed to capture those time intervals where the organisation is most vulnerable due to possible lack of available resources. We present an approach for implementing our new metric using open data on security incidents available from the VERIS community dataset.
| Original language | English |
|---|---|
| Title of host publication | Risk Assessment and Risk-Driven Quality Assurance: 4th International Workshop, RISK |
| Place of Publication | Graz, Austria |
| Publisher | Springer |
| Publication status | Published - 2017 |
| Externally published | Yes |
| Event | Risk Assessment and Risk-Driven Quality Assurance: 4th International Workshop, RISK 2016, Held in Conjunction with ICTSS 2016, Graz, Austria, October 18, 2016, Revised Selected Papers 4 - Graz, Austria; Duration: 18 Oct 2016 → …; https://link.springer.com/book/10.1007/978-3-319-57858-3 |
Conference
| Conference | Risk Assessment and Risk-Driven Quality Assurance: 4th International Workshop, RISK 2016, Held in Conjunction with ICTSS 2016, Graz, Austria, October 18, 2016, Revised Selected Papers 4 |
|---|---|
| Abbreviated title | RISK |
| Country/Territory | Austria |
| City | Graz |
| Period | 18/10/16 → … |